
23 matches found

RedhatCVE
added 2 days ago, 6 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00282
Exploits: 0 | References: 8

RedHat Linux
added 3 days ago, 4 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page->private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page->private values. This can lead to a use-after-free...

CVSS: 7.8 | AI score: 7 | EPSS: 0.0013
Exploits: 0 | References: 5

OSV
added 2026/06/23 9:24 p.m., 3 views

GHSA-9FXM-VC8V-HJ55 jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary: POJOPropertiesCollector.renameProperties allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFER_PROPERTY_MUTATORS enabled (default), the private backing field is retained; during deserialization...

CVSS: 5.3 | AI score: 5.9 | EPSS: 0.00282
Exploits: 0 | References: 6

Cvelist
added 2026/06/23 8:48 p.m., 30 views

CVE-2026-54516 jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty("renamed") on the getter and @JsonIgnore on the setter to be renamed...

CVSS: 5.3 | EPSS: 0.00282
Exploits: 0 | References: 5

RedHat Linux
added 2026/05/28 2:41 a.m., 26 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page->private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page->private values. This can lead to a use-after-free...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.0013
Exploits: 0 | References: 5

Tenable Nessus
added 2026/05/08 12:00 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-43303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don't clear it before freeing pages. When...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0013
Exploits: 0 | References: 4

NVD
added 2025/12/16 2:15 p.m., 5 views

CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop(). Initialize s->private to NUL...

EPSS: 0.00166
Exploits: 0 | References: 3

UbuntuCve
added 2025/12/16 2:15 p.m., 3 views

CVE-2025-68167

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop(). Initialize s->private to NUL...

AI score: 5.7 | EPSS: 0.00166
Exploits: 0 | References: 10

Cvelist
added 2025/12/16 1:42 p.m., 24 views

CVE-2025-68167 gpiolib: fix invalid pointer access in debugfs

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix invalid pointer access in debugfs If the memory allocation in gpiolib_seq_start() fails, the s->private field remains uninitialized and is later dereferenced without checking in gpiolib_seq_stop(). Initialize s->private to NUL...

EPSS: 0.00166
Exploits: 0 | References: 3

OSSF Malicious Packages
added 2025/11/12 10:25 p.m., 3 views

Malicious code in sonic-ijos-aaaf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f73621e614fb3c63feaf4177bc8ae9890f8b437d21bae59b357ea17e0a5fda This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

RedHat Linux
added 2025/11/12 12:40 a.m., 4 views

kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy

In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode()...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00206
Exploits: 0 | References: 5

OSV
added 2025/11/10 5:21 p.m., 2 views

MAL-2025-57038 Malicious code in joko-lepet19-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2f078c27458898d3991f8bcdb86c860c30e5140213db8b9adb256f2c763cae1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.8
Exploits: 0

OSV
added 2025/11/10 5:18 a.m., 2 views

MAL-2025-54416 Malicious code in putri-rojak84-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d52308bcc58e389356ea7c635ad0c3d7cb4d1be4644ea7b952183a8009722bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

CNNVD
added 2025/10/28 12:00 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from accessing rproc->priv before the IS_ERR_OR_NULL check, which could result in a null pointer dereference...

AI score: 6.1 | EPSS: 0.00197
Exploits: 0 | References: 5

EUVD
added 2025/10/07 3:19 p.m., 2 views

EUVD-2025-32762

In the Linux kernel, the following vulnerability has been resolved: perf trace: Really free the evsel->priv area In 3cb4d5e00e037c70 ("perf trace: Free syscall tp fields in evsel->priv") it only was freeing if strcmp(evsel->tp_format->system, "syscalls") returned zero, while the corresponding initializati...

AI score: 6 | EPSS: 0.0018
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 3:55 a.m., 10 views

CVE-2023-34235

Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00906
Exploits: 1 | References: 1

CNNVD
added 2024/08/01 12:00 a.m., 2 views

ForgeRock OpenIDM security vulnerability

ForgeRock OpenIDM is an identity management system from ForgeRock USA. A security vulnerability exists in ForgeRock OpenIDM that stems from improper input validation of query search results for private field data, allowing an attacker to cause an information disclosure through the use of...

CVSS: 2.7 | AI score: 6.2 | EPSS: 0.00671
Exploits: 1 | References: 3

SUSE CVE
added 2024/04/05 2:22 a.m., 2 views

SUSE CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00175
Exploits: 0 | References: 15

OSV
added 2024/04/03 3:15 p.m., 1 views

DEBIAN-CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...

CVSS: 4.7 | AI score: 5.4 | EPSS: 0.00175
Exploits: 0 | References: 1

UbuntuCve
added 2024/04/03 3:15 p.m., 29 views

CVE-2023-52639

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private == kvm after creation:...

CVSS: 4.7 | AI score: 6.3 | EPSS: 0.00175
Exploits: 0 | References: 23