CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21703 matches found

RedHat Linux•added 2026/06/10 8:9 p.m.•5 views

kernel: smc: Fix use-after-free in tcp_write_timer_handler()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

5.3AI score0.00155EPSS

Exploits0References5

NVD•added 2026/06/10 6:17 p.m.•12 views

CVE-2026-49823

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by...

7.7CVSS0.00265EPSS

Exploits0References3

Cvelist•added 2026/06/10 5:25 p.m.•24 views

CVE-2026-49824 Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS0.00223EPSS

Exploits0References3

CVE•added 2026/06/10 5:25 p.m.•9 views

CVE-2026-49824

Fission (Kubernetes-native serverless framework) prior to v1.24.0 allowed a cross-namespace environment reference via the Function admission webhook because spec.environment.namespace was not validated, unlike spec.secrets[].namespace and spec.configmaps[].namespace. The issue affects the Functio...

8.5CVSS5.4AI score0.00223EPSS

Exploits0References3

Vulnrichment•added 2026/06/10 5:23 p.m.•6 views

CVE-2026-49823 Fission: Cross-namespace Package read via unvalidated PackageRef in Function admission webhook

7.7CVSS5.4AI score0.00265EPSS

Exploits0References3

EUVD•added 2026/06/10 5:23 p.m.•7 views

EUVD-2026-36096

7.7CVSS5.4AI score0.00265EPSS

Exploits0References3

CVE•added 2026/06/10 5:23 p.m.•15 views

CVE-2026-49823

Summary : CVE-2026-49823 affects Fission (Kubernetes-native serverless framework). Before version 1.24.0, the PackageRef.Namespace in a Fission Function spec was not validated by the admission webhook (unlike Secret/ConfigMap). This allowed cross-namespace access via an unvalidated Package refere...

7.7CVSS5.4AI score0.00265EPSS

Exploits0References3

Cvelist•added 2026/06/10 5:21 p.m.•24 views

CVE-2026-49821 Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched...

7.7CVSS0.00231EPSS

Exploits0References3

Github Security Blog•added 2026/06/10 1:38 p.m.•9 views

@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...

5.4AI score0.00039EPSS

Exploits0References4Affected Software1