3057 matches found

AstraLinux
added 2026/06/24 3:11 p.m., 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed the locking usage for tcon fields. Previously, we used cifstcpseslock to protect many objects that weren’t just server, ses, or tcon lists. Later, we introduced svrlock, seslock, and tc Lock to protect fields withi...

8.8 CVSS, 5.7 AI score, 0.00298 EPSS
Exploits 0, References 2
EUVD
added 2026/06/24 7:14 a.m., 10 views

EUVD-2026-38706

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy call. That path performs expensive jitter...

5.8 AI score, 0.00156 EPSS
Exploits 0, References 5
CVE
added 2026/06/24 7:14 a.m., 9 views

CVE-2026-52936

The CVE-2026-52936 entry describes a Linux kernel fix in crypto/jitterentropy where the jent_kcapi_random() path previously held a spinlock across jent_read_entropy(), causing potential stalls during entropy generation. The vulnerability arises because this spinlock protected an expensive operati...

5.8 AI score, 0.00156 EPSS
Exploits 0, References 5
Tenable Nessus
added 2026/06/24 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: jitterentropy - replace long-held spinlock with mutex jentkcapirandom serializes the shared jitterentropy state, but it currently holds a spinlock acros...

5.9 AI score, 0.00156 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/06/23 12:0 a.m., 8 views

PT-2026-51638

Name of the Vulnerable Software and Affected Versions mise versions prior to 2026.6.1 Description The HTTP backend in mise improperly handles version strings for non-latest versions when creating install symlinks. Instead of using a sanitized version pathname, it uses the raw resolved version...

5.5 CVSS, 6 AI score, 0.00175 EPSS
Exploits 0, References 4
EUVD
added 2026/06/22 12:34 p.m., 6 views

EUVD-2026-38230

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...

8.8 CVSS, 6.3 AI score, 0.00122 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/06/22 7:38 a.m., 9 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5 CVSS, 5.9 AI score, 0.00393 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2026/06/22 7:38 a.m., 31 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5 CVSS, 0.00393 EPSS
Exploits 0, References 1
Github Security Blog
added 2026/06/19 10:10 p.m., 20 views

@jhb.software/payload-cloudinary-plugin: Arbitrary Cloudinary API Parameter Signing

Arbitrary Cloudinary API Parameter Signing in @jhb.software/payload-cloudinary-plugin Summary @jhb.software/payload-cloudinary-plugin v0.3.4 exposes a server-side signing endpoint POST /api/cloudinary-generate-signature that passes attacker-supplied paramsToSign directly to...

6.1 AI score
Exploits 0, References 2, Affected Software 1
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Issues in mpi3mrgetalltgtinfo have been fixed. The function mpi3mrgetalltgtinfo has four issues: 1. It calculates the valid entry length in alltgtinfo assuming that the header part of the struct mpi3mrdevicemapin...

7.8 CVSS, 6 AI score, 0.00141 EPSS
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed a use-after-free in twtimerhandler A real-world panic issue was discovered in Linux 5.4. The details of the issue are as follows: - Bug: Unable to handle a page fault for the address: ffffde49a863de28 - Memory layout:...

7.8 CVSS, 6 AI score, 0.00244 EPSS
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later. If the system does not start from a reset state such as when it is booted via kexec, the peripheral device may trigger an IRQ before the data structures are initialized. 0.227710 Unab...

5.2 AI score, 0.00198 EPSS
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Linux

An issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...

6.7 CVSS, 6.6 AI score, 0.00444 EPSS
Exploits 1, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: Device name buffers passed to the device replace function are properly validated for string termination. This prevents a read out of bounds situation in the getnamekernel function. There is a syzbot report...

7.1 CVSS, 5.9 AI score, 0.00247 EPSS
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hsr: The WARNONCE function was removed from the sendhsrsupervisionframe function. Syzkaller reported 1 that a warning was issued after attempting to allocate resources for skb in hsrinitskb. Since calling WARNONCE does not...

5.5 CVSS, 6.2 AI score, 0.00226 EPSS
Exploits 0, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme: fixed memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace...

7.1 CVSS, 5.4 AI score, 0.00121 EPSS
Exploits 0, References 1
OSV
added 2026/06/17 6:13 p.m., 4 views

GHSA-MX8G-39Q3-5C79 webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies

Impact When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3 CVSS, 5.4 AI score, 0.00163 EPSS
Exploits 0, References 7
Nuclei
added 2026/06/16 7:13 a.m., 100 views

D-Link Network Attached Storage - Command Injection and Backdoor Account

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...

9.8 CVSS, 7.2 AI score, 0.99997 EPSS
Exploits 8, References 5
OSSF Malicious Packages
added 2026/06/16 3:1 a.m., 9 views

Malicious code in solana-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...

5.4 AI score
Exploits 0, References 1
OSV
added 2026/06/16 3:1 a.m., 9 views

MAL-2026-5860 Malicious code in solana-js-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 855cf386497f33e21db48ae8b87c769fd777f52b585f3d8d5f276fd4c9d42628 Package masquerades as a 'Drop-in replacement for @solana/web3.js' and lists its author as 'Solana Labs Maintainers ' to impersonate the legitimate...

5.4 AI score
Exploits 0, References 1