Lucene search

121639 matches found

SUSE CVE
added 2026/04/23 1:25 a.m., 5 views

SUSE CVE-2026-31473

In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex. MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0) queue teardown paths. This can race request object cleanup against vb2 queue cancellation and lead to...

7 CVSS, 5.6 AI score, 0.00126 EPSS
Exploits 0, References 15

SUSE CVE
added 2026/04/23 1:25 a.m., 4 views

SUSE CVE-2026-31506

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq. We do not need to free wol_irq since it was instantiated with devm_request_irq. So devres will free for us...

5.6 AI score, 0.00129 EPSS
Exploits 0, References 3

SUSE CVE
added 2026/04/23 1:25 a.m., 5 views

SUSE CVE-2026-31509

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nci_close_device. nci_close_device flushes rx_wq and tx_wq while holding req_lock. This causes a circular locking dependency because nci_rx_work running on rx_wq can end up taking req_lock too:...

5.5 CVSS, 5.6 AI score, 0.00095 EPSS
Exploits 0, References 3

SUSE CVE
added 2026/04/23 1:25 a.m., 7 views

SUSE CVE-2026-31515

In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate. syzbot was able to trigger a crash in skb_put [1]. Issue is that pfkey_send_migrate does not check old/new families, and that set_ipsecrequest @family argument was truncated, thus possibly...

4.4 CVSS, 5.6 AI score, 0.00123 EPSS
Exploits 0, References 17

SUSE CVE
added 2026/04/23 1:24 a.m., 7 views

SUSE CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5 CVSS, 5.8 AI score, 0.00606 EPSS
Exploits 0, References 3

NVD
added 2026/04/23 12:16 a.m., 7 views

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

4.9 CVSS, 0.00356 EPSS
Exploits 0, References 1

Packet Storm
added 2026/04/23 12:0 a.m., 83 views

SocialEngine 7.8.0 Server-Side Request Forgery

SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as a URL to send an HTTP request from the web server...

8.5 CVSS, 5.8 AI score, 0.00302 EPSS
Exploits 1

Positive Technologies
added 2026/04/23 12:0 a.m., 8 views

PT-2026-34735

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and...

7.1 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits 1, References 2

UbuntuCve
added 2026/04/23 12:0 a.m., 3 views

CVE-2026-5763

virtio-scsi request size mismatch...

5.7 AI score
Exploits 0, References 1

Positive Technologies
added 2026/04/23 12:0 a.m., 7 views

PT-2026-34659

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

4.7 CVSS, 5.8 AI score, 0.00233 EPSS
Exploits 0, References 3

CNNVD
added 2026/04/23 12:0 a.m., 9 views

WebKitGTK Security Vulnerability

WebKitGTK is a full-featured version of the WebKit rendering engine developed by WebKitGTK company. It is suitable for projects that require any type of web integration, including mixed HTML/CSS applications in mature web browsers. It offers all the features of WebKit and is suitable for various...

4.7 CVSS, 5.9 AI score, 0.00233 EPSS
Exploits 0, References 2

CNNVD
added 2026/04/23 12:0 a.m., 11 views

Microsoft Entra ID Entitlement Management Code Issue Vulnerability

Microsoft Entra ID Entitlement Management is an identity governance service provided by Microsoft that handles the application, approval, and lifecycle management of access rights. There is a code vulnerability in Microsoft Entra ID Entitlement Management, which stems from server-side request...

10 CVSS, 6 AI score, 0.00511 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/04/23 12:0 a.m., 4 views

PT-2026-34762

Name of the Vulnerable Software and Affected Versions: Microsoft Entra ID Entitlement Management (affected versions not specified). Description: Server-side request forgery (SSRF) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. This flaw...

10 CVSS, 5.2 AI score, 0.00511 EPSS
Exploits 0, References 8

OSV
added 2026/04/23 12:0 a.m., 3 views

UBUNTU-CVE-2026-5763

virtio-scsi request size mismatch...

5.2 AI score
Exploits 0, References 2

Tenable Nessus
added 2026/04/23 12:0 a.m., 8 views

openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2026:20595-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20595-1 advisory. - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850). - CVE-2026-25854: Occasionally open...

9.1 CVSS, 5.8 AI score, 0.15831 EPSS
Exploits 6, References 31

CNNVD
added 2026/04/23 12:0 a.m., 11 views

SWUpdate Buffer Error Vulnerability

SWUpdate is an embedded Linux system update tool developed by Stefano Babic. SWUpdate has a buffer error vulnerability, which stems from an integer underflow in the multipart upload parser in the mongoose_multipart.c file. This vulnerability allows unauthenticated attackers to cause...

8.2 CVSS, 6 AI score, 0.00316 EPSS
Exploits 0, References 4

NVD
added 2026/04/22 10:16 p.m., 5 views

CVE-2026-41171

Squidex is an open source headless content management system and content management hub. Versions prior to 7.23.0 have a Server-Side Request Forgery (SSRF) vulnerability due to missing SSRF protection on the Jint HTTP client used by scripting engine functions (getJSON, request, etc.). An authenticate...

8.6 CVSS, 0.00215 EPSS
Exploits 0, References 2

EUVD
added 2026/04/22 9:31 p.m., 4 views

EUVD-2026-22851

The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7. This is due to the payment integrations (Stripe/PayPal) trusting a user-submitted calculation field value without recomputing or validating it against the configured form pric...

5.3 CVSS, 5.8 AI score, 0.00266 EPSS
Exploits 0, References 3

EUVD
added 2026/04/22 9:24 p.m., 4 views

EUVD-2026-25110

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The application fails to validate the URI scheme of the user-supplied Url parameter, allowing the use ...

5.5 CVSS, 5.8 AI score, 0.00329 EPSS
Exploits 1, References 2

EUVD
added 2026/04/22 9:22 p.m., 12 views

EUVD-2026-25106

Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, an SSRF vulnerability allows a user with asset upload permission to force the server to fetch arbitrary URLs, including localhost/private network targets, and persist the response as ...

8.6 CVSS, 5.8 AI score, 0.00215 EPSS
Exploits 0, References 2