Lucene search
K

426 matches found

OSV
OSV
added 5 days ago4 views

CVE-2026-55882 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References6
CVE
CVE
added 5 days ago38 views

CVE-2026-55882

Summary: Tilt (Tilt HUD server) before v0.37.4 exposes Go pprof endpoints under /debug with no access control, allowing unauthenticated network-accessible listeners to read memory and tokens via /debug/pprof/heap and /debug/pprof/goroutine, and potentially degrade performance via /debug/pprof/pro...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 11:36 a.m.5 views

BIT-PYTHON-MIN-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 11:36 a.m.5 views

BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 11:31 a.m.14 views

BIT-LIBPYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
Fedora
Fedora
added 2026/07/06 2:55 p.m.9 views

[SECURITY] Fedora 44 Update: rust-inferno-0.12.6-3.fc44

Rust port of the FlameGraph performance profiling tool suite...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/07/02 10:18 p.m.4 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...

7.7CVSS6AI score0.00266EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 10:18 p.m.6 views

Active Debug Code

Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...

7.7CVSS6AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.5 views

CVE-2026-59092

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS0.00266EPSS
Exploits0References4
Microsoft Secure
Microsoft Secure
added 2026/06/29 4:27 p.m.17 views

Chromium extension uses AI‑related branding to redirect browser search

In this article 1. Extension overview 2. Key indicators of malicious behavior 3. Dynamic analysis findings 4. Mitigation and protection guidance 5. References 6. Learn more Microsoft Threat Intelligence has identified a malicious Chromium-based extension that spoofs the AI-powered answer engine...

6AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: mm/slab: Added alloctaggingslabfreehook for memcgallocabortsingle When CONFIGMEMALLOCPROFILINGDEBUG is enabled, the following warning may be observed: 3959.023862 ------------ Cut here ------------ 3959.023891 alloctag was not...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 12:0 p.m.7 views

MAL-2026-6153 Malicious code in datapersistence-profiling (npm)

The npm package datapersistence-profiling published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...

5.5AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/17 2:22 a.m.6 views

SUSE CVE-2026-23517

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS5.2AI score0.00246EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 5:10 p.m.9 views

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS

Summary Arc registers Go's net/http/pprof handlers at /debug/pprof/ via app.Usepprof.New in internal/api/server.go, and /debug/pprof is added to PublicPrefixes in cmd/arc/main.go. The auth middleware short-circuits before the token check on prefix match, so the endpoints are reachable without any...

6.1AI score0.0009EPSS
Exploits0References4Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2026/06/11 1:0 p.m.31 views

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for ful...

6.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.15 views

SUSE CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

4.4CVSS5.4AI score0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

7.8CVSS0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.41 views

CVE-2026-46279 mm/alloc_tag: clear codetag for pages allocated before page_ext initialization

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

0.00127EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

5.3AI score0.00127EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 3:41 p.m.34 views

CVE-2026-46279

CVE-2026-46279 — In the Linux kernel, the issue lies in mm/alloc_tag where pages allocated before page_ext initialization may have an uninitialized codetag, potentially triggering KASAN warnings when later freed. The fix introduces a global array (8192 entries) to track such pages during boot and...

7.8CVSS5.4AI score0.00127EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder