Lucene search
+L

524 matches found

NVD
NVD
added 2026/07/09 6:16 p.m.11 views

CVE-2026-15195

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...

6.5CVSS0.00262EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 5:15 p.m.7 views

EUVD-2026-42651

A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts the function Refs.set/Pointer.set in the library lib/pointer.ts. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched...

6.5CVSS6.3AI score0.00262EPSS
Exploits0References8
CVE
CVE
added 2026/07/09 5:15 p.m.12 views

CVE-2026-15195

The CVE affects the apidevtools json-schema-ref-parser package up to version 15.3.5. The vulnerability targets the Refs.set/Pointer.set paths in lib/pointer.ts, enabling remote modification of object prototype attributes (prototype pollution) as described. Impact is described as remote exploitati...

6.5CVSS6.3AI score0.00262EPSS
Exploits0References8
OSV
OSV
added 2026/07/08 5:17 p.m.2 views

DEBIAN-CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 4:20 p.m.15 views

Malicious code in @luminarycloudinternal/frodo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56261

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta4 Description The HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle. The remote reference resolver within this bundle fetches $ref URLs without...

7.7CVSS6.1AI score0.00238EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/06 8:27 p.m.36 views

CVE-2026-54765 Traefik: Gateway HTTPRoute backendRef filters can leak backend context across routes sharing a Service:port

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

6.3CVSS0.00346EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52973

In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONETHREAD requirement for private default hash alloc Currently needfutexhashallocatedefault depends on strict pthread semantics, abusing CLONETHREAD. This breaks the non-concurrency assumptions when doing the...

7.8CVSS0.00134EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fix for invalid leaf access in btrfsquotaenable if the ref key is not found. If btrfssearchslotforread returns 1, it means that we did not find any key that is greater than or equal to the key we requested. This means that...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.35 views

CVE-2026-52933 io_uring/poll: fix signed comparison in io_poll_get_ownership()

In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...

7.8CVSS0.0012EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/17 8:5 p.m.22 views

CVE-2026-32682 NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 2:52 p.m.37 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS0.00889EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/16 2:52 p.m.10 views

CVE-2026-12398 Galaxy_ng: shell injection in legacy role import via unsanitized git ref names

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS6.3AI score0.00889EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.13 views

SUSE CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

5.5CVSS5.3AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 8:59 p.m.15 views

CVE-2026-44422

A flaw was found in FreeRDP. A malicious server can exploit a heap use-after-free or double-free vulnerability in the FreeRDP client's RDPEAR authentication-redirection path. This occurs because the RDPEAR NDR parser incorrectly handles pointer reference IDs, leading to the same heap object being...

8.8CVSS6.3AI score0.00384EPSS
Exploits1References4
NVD
NVD
added 2026/06/08 5:16 p.m.14 views

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

7.8CVSS0.0012EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:41 p.m.13 views

EUVD-2026-35142

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

5.4AI score0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.48 views

CVE-2026-46277 mm/zone_device: do not touch device folio after calling ->folio_free()

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

7.8CVSS0.0012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47349

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description An issue exists in the mm/zone device component where the system accesses a device folio after the folio free function has been called. Because a folio can be immediately reallocated by ...

9.8CVSS5.2AI score0.03663EPSS
Exploits42References336
OSV
OSV
added 2026/06/05 4:2 p.m.6 views

OPENSUSE-SU-2026:20914-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: Changes in ffmpeg-4: - CVE-2026-30997: avcodec/av1dec: check that primaryrefframe is within range bsc1262047...

7.5CVSS5.5AI score0.00337EPSS
Exploits1References2
Rows per page
Query Builder