Lucene search
K

244 matches found

EUVD
EUVD
added 5 days ago12 views

EUVD-2026-42883

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.4CVSS6.2AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

CVE-2026-56309 Capgo - Plan Bypass via Unrestricted Attachment Upload Endpoint

Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments endpoint, allowing plan-blocked apps to create publicly readable R2 objects. Attackers can upload arbitrary attachments using upload-scoped API keys that bypass plan checks, persist outside normal bund...

5.3CVSS6.2AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635 DataEase: Authenticated SQL Injection in Chart Quota Filters

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:29 p.m.14 views

CVE-2026-53050

CVE-2026-53050 affects the Linux kernel quota subsystem, where dquot_scan_active() can race with quota deactivation in quota_release_workfn(), potentially causing memory corruption or use-after-free under memory pressure. Verified in multiple sources; the workaround/mitigation is to remove the dq...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.25 views

CVE-2026-56255 Capgo - Denial of Service via Unlimited Demo App Creation

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

5.3CVSS0.00272EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:54 a.m.10 views

SUSE CVE-2026-46020

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

4.4CVSS5.9AI score0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.43 views

CVE-2026-46067 mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

0.00117EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.11 views

CVE-2026-45895

quota: fix livelock between quotactl and freezesuper...

5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.15 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.00221EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Turn quotas off if mount fails after enabling quotas Yi discovered during a review of the patch “ext4: Don’t report errors with inconsistent journal features” that when ext4markrecoverycomplete returns an error value, the...

6AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid NULL pointer dereferencing in f2fscheckquotaconsistency. The syzbot reported the following f2fs bug: Oops: gen 107.736417T5848. Oops: general protection fault, likely due to a non-canonical address...

5.9AI score0.00181EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021655 advisory. In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2getinitinode fails syzbot is reporting busy inodes after unmount, for...

5.5CVSS6AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.8 views

Fedora 42 : xen (2026-0c9aff64a5)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c9aff64a5 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 12:19 p.m.34 views

CVE-2025-69233 Apache CloudStack: Domain/account resources limits not honored

Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limits configured for their accounts/domains. This can be used by an attacker to degrade the...

6.5CVSS0.00433EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Fedora 44 : xen (2026-883e88db68)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-883e88db68 advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.5 views

Fedora 43 : xen (2026-78cd69d9ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78cd69d9ae advisory. oxenstored keeps quota related use counts across domain destruction XSA-483, CVE-2026-23556 Xenstored DoS via XSRESETWATCHES command XSA-484,...

9.4CVSS5.9AI score0.00191EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/26 12:0 a.m.7 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014327)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014327 advisory. In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab There's issue as follows when do fault injection: WARNING: CPU: 1...

5.5AI score0.00191EPSS
Exploits0References4
OSV
OSV
added 2026/04/23 4:0 a.m.3 views

CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS6AI score0.00264EPSS
Exploits1References5
NVD
NVD
added 2026/04/22 2:16 p.m.7 views

CVE-2026-31458

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts-nr before accessing contextsarr0 Multiple sysfs command paths dereference contextsarr0 without first verifying that kdamond-contexts-nr == 1. A user can set nrcontexts to 0 via sysfs while DAMON is...

5.5CVSS0.00122EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication or signature verification for the /media-stream WebSocket endpoint, alo...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References2
Rows per page
Query Builder