Lucene search
K

2548 matches found

CVE
CVE
added 2026/06/24 3:42 p.m.35 views

CVE-2026-54905

CVE-2026-54905 affects the concurrent-ruby library, specifically Concurrent::ReentrantReadWriteLock. Before version 1.3.7, after a thread acquires the read lock 32,768 times, the local read count overflows into the WRITE_LOCK_HELD bit, causing try_write_lock to treat the thread as if it holds a w...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in Chromium

Integer overflow in Codecs in Google Chrome prior to version 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00336EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Chromium

Before version 146.0.7680.153, read and write operations in WebGL in Google Chrome allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:28233 Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of servi...

7.6CVSS6.5AI score0.01052EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52106

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp versions 0.24.0 through 1.0.9 Description A workspace-boundary bypass exists because the McpContext.validatePath function fails to canonicalize symbolic links when checking if a path falls under configured root paths. This...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ipc/shm component where the shm destroy orphaned function iterates through the shm idr using shm idsns.rwsem, which fails to serialize all fields evaluated by shm...

5.9AI score0.00165EPSS
Exploits0References19
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:13 p.m.7 views

CVE-2026-47385

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with base-create permission can attach a SQLite source pointing at an arbitrary file on the NocoDB host, including NocoDB's own internal databases. The SQLite client and the base/integration creat...

5.3CVSS6AI score0.00324EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/23 5:55 p.m.6 views

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.6CVSS6.8AI score0.01052EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/23 5:55 p.m.10 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.5AI score0.00585EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-33760

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS0.00291EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 5:3 p.m.2 views

GHSA-WMFG-5P4H-5FW3 Gogs allows users to write to readonly repositories using receive-pack + service=git-upload-pack confusion

Summary Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should be allowed. Details Gogs' Git Smart HTTP handler for...

7.1CVSS6.1AI score0.00427EPSS
Exploits0References5
CVE
CVE
added 2026/06/23 4:30 p.m.23 views

CVE-2026-33760

Langflow (pre-1.9.0) exposes an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints (including builds, messages, and transactions) allow read, write, and delete actions on user-owned resources without verifying ownership, enabling an attacker to access or modify another user’s ...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51628

Name of the Vulnerable Software and Affected Versions Gogs affected versions not specified Description Gogs contains an authorization bypass in its Git Smart HTTP handler for repository RPCs. The system determines the authorization policy based on the client-supplied service query parameter rathe...

7.1CVSS6AI score0.00427EPSS
Exploits0References9
NVD
NVD
added 2026/06/22 2:16 p.m.12 views

CVE-2026-28381

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host...

9.6CVSS0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/22 1:43 p.m.9 views

CVE-2026-52908

A flaw was found in the Linux kernel. This vulnerability occurs during the re-registration of a Remote Direct Memory Access RDMA memory region. If the memory's access permissions are changed from read-only to read-write, the system may fail to properly update and secure the underlying user memory...

7.8CVSS5.6AI score0.00129EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 1:20 p.m.27 views

CVE-2026-28381

The CVE affects the Grafana Snowflake data source: GET/PUT commands can enable a user with access to read/write files between the local Grafana server and the connected Snowflake host, potentially impacting confidentiality and integrity (per metrics: HIGH/ HIGH). Root cause and exact vulnerable c...

9.6CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 3:16 a.m.15 views

CVE-2026-8918

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash BSOD by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

7.1CVSS0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:0 a.m.6 views

EUVD-2026-38205

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash BSOD by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

7.1CVSS6AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:0 a.m.31 views

CVE-2026-8918

A permissive list of allowed inputs in ASUS Armoury Crate allows a local administrator to perform arbitrary memory read/write operations or cause a system crash BSOD by bypassing the validation mechanism.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security Advisory...

7.1CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:0 a.m.16 views

CVE-2026-8918

The CVE concerns ASUS Armoury Crate. A permissive input validation allows a local administrator to bypass checks and perform arbitrary memory read/write or trigger a system crash (BSOD). Affected software is ASUS Armoury Crate; the underling issue is permissive input validation in the input handl...

7.1CVSS6AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder