Lucene search
K

491 matches found

OSV
OSV
added 2026/07/06 9:17 p.m.1 views

CVE-2026-42204 Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/06/16 8:41 a.m.11 views

USN-8432-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to an out-of-bounds heap write. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-45700 In addition, this update fixes a regression...

9.8CVSS5.6AI score0.0049EPSS
Exploits1References1
OSV
OSV
added 2026/06/16 8:41 a.m.5 views

USN-8432-1 freerdp2, freerdp3 vulnerabilities

It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to an out-of-bounds heap write. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-45700 In addition, this update fixes a regression...

9.8CVSS5.7AI score0.0049EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/06/10 12:22 p.m.13 views

USN-6455-2: Exim regression

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered tha...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/03 9:16 a.m.36 views

USN-8344-3 python-pip vulnerability

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attack...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 10:47 a.m.13 views

USN-8338-2 apache2 regression

USN-8338-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression that prevented modhttp2 from loading on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Apache HTTP Server incorrectly...

5.9AI score
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/21 5:15 a.m.16 views

USN-8202-3: jq regression

USN-8202-1 fixed vulnerabilities in jq. The update caused a regression for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An...

7.5CVSS6AI score0.00366EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where “vf” might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce conditions due...

5.5CVSS6.4AI score0.00247EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression related to the removal of the procfs host directory. The scsiprochostdirrm function decreases a reference counter; therefore, it should only be called once per host that is removed. This change...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/dp: Fixed a divide-by-zero regression that occurred when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub using nouveau. Fixed a regression that occurred when using nouveau and unplugging a StarTech MSTDP122DP...

5.5CVSS6.1AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2026-43151

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...

5.5CVSS0.00126EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.17 views

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.35 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS0.00365EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 12:0 a.m.18 views

CVE-2026-43002

CVE-2026-43002 (OpenStack Horizon) affects Horizon 25.6 and 25.7 prior to 25.7.3. A write operation to the session storage backend occurs before authentication, allowing unauthenticated requests to exhaust storage. This is a regression of CVE-2014-8124. Impact: potential denial of service due to ...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.18 views

SUSE SLES16 : Recommended update for python-urllib3 (SUSE-SU-SUSE-RU-2026:21430-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2026:21430-1 advisory. This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867 Tenable has extracted...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.16 views

openSUSE 16 : Recommended update for python-urllib3 (SUSE-SU-openSUSE-RU-2026:20649-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU- openSUSE-RU-2026:20649-1 advisory. This update for python-urllib3 fixes the following issue: - Fix regression in CVE-2025-66471.patch bsc1254867 Tenable has extracted the precedin...

8.9CVSS5.9AI score0.00633EPSS
Exploits0References3
Debian
Debian
added 2026/05/01 2:34 p.m.8 views

[SECURITY] [DSA 6197-3] dovecot regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-6197-3 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2026 https://www.debian.org/security/faq -...

5.3CVSS5.7AI score0.00427EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:56 p.m.2 views

CVE-2026-31713

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason error, crash while processing FUSEINIT, the filesystem creation will hang. The reason is that while all other threads will...

5.8AI score0.00115EPSS
Exploits0References4Affected Software1
Ubuntu
Ubuntu
added 2026/04/28 12:52 p.m.14 views

USN-8136-2: Dovecot regression

USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An...

5.3CVSS5.9AI score0.00427EPSS
Exploits1References1
NVD
NVD
added 2026/04/24 3:16 p.m.8 views

CVE-2026-31538

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

7.5CVSS0.00426EPSS
Exploits0References3
Rows per page
Query Builder