Lucene search
K

2508 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44206

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'append where sql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and...

7.5CVSS5.8AI score0.00554EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/05/27 9:37 p.m.13 views

CVE-2026-45997

A flaw was found in the Linux kernel's SCSI disk sd driver. When adding a new device, a failure in deviceadd can lead to a resource leak where a gendisk remains referenced but is not properly freed. This missing cleanup, specifically the putdisk call, can result in resource exhaustion. A local...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 6:16 p.m.23 views

CVE-2026-45717

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

8.8CVSS0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:9 p.m.13 views

EUVD-2026-32601

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

8.8CVSS6AI score0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:35 p.m.8 views

CVE-2026-44318

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/subId handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock via BSFContext.GetSubscriptionsubId, but if t...

6.5CVSS5.9AI score0.00268EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/27 3:33 p.m.10 views

EUVD-2026-32285

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediately calls ofnodeputdn. This releases the reference held by the PCI core...

5.7AI score0.00163EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/27 3:33 p.m.15 views

EUVD-2026-32265

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

5.7AI score0.00126EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/27 3:33 p.m.13 views

EUVD-2026-32248

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

5.8AI score0.0016EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/27 3:33 p.m.10 views

EUVD-2025-209966

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

5.8AI score0.00137EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:17 p.m.19 views

CVE-2026-45981

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Fix device lifecycle handling in cssallocsubchannel cssallocsubchannel calls deviceinitialize before setting up the DMA masks. If dmasetcoherentmask or dmasetmask fails, the error path frees the subchannel structure...

5.5CVSS0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:17 p.m.25 views

UBUNTU-CVE-2026-45920

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

7.8CVSS5.4AI score0.00146EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.17 views

UBUNTU-CVE-2026-45997

In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves the gendisk referenced. The deviceadddisk error path in sdprobe calls...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-46013

In the Linux kernel, the following vulnerability has been resolved: mm/memfdluo: fix physical address conversion in putfolios cleanup In memfdluoretrievefolios's putfolios cleanup path: 1. khorestorefolio expects a physaddrt physical address but receives a raw PFN pfolio-pfn. This causes...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-46009

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allowlink fails or when .droplink is performed. Remove t...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-46053

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.43 views

CVE-2026-46053 net: rds: fix MR cleanup on copy error

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error rdsrdmamap hands sg/pages ownership to the transport after getmr succeeds. If copying the generated cookie back to user space fails after that point, the error path must not free those...

7.8CVSS0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/05/27 12:57 p.m.28 views

CVE-2026-46053

CVE-2026-46053 affects the Linux kernel RDS memory-registration cleanup. In net/rds, __rds_rdma_map() transfers ownership of sg/pages after get_mr(); if copying the cookie back to user space fails, resources could be freed more than once. The fix removes a duplicate unpin/free in the put_user() f...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/27 12:56 p.m.12 views

EUVD-2026-32411

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed r5corenode on any exit path, causing a memory leak. Fix this by usin...

5.8AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.43 views

CVE-2026-46013 mm/memfd_luo: fix physical address conversion in put_folios cleanup

In the Linux kernel, the following vulnerability has been resolved: mm/memfdluo: fix physical address conversion in putfolios cleanup In memfdluoretrievefolios's putfolios cleanup path: 1. khorestorefolio expects a physaddrt physical address but receives a raw PFN pfolio-pfn. This causes...

0.00107EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/27 12:56 p.m.8 views

CVE-2026-46013

In the Linux kernel, the following vulnerability has been resolved: mm/memfdluo: fix physical address conversion in putfolios cleanup In memfdluoretrievefolios's putfolios cleanup path: 1. khorestorefolio expects a physaddrt physical address but receives a raw PFN pfolio-pfn. This causes...

5.5CVSS5.7AI score0.00107EPSS
Exploits0
Rows per page
Query Builder