Lucene search
K

121681 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

GitLab CE/EE 跨站请求伪造漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...

8.1CVSS5.8AI score0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34284

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd ic settings page function when processing settings form submissions. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00243EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.12 views

openSUSE 16 Security Update : qemu (openSUSE-SU-2026:20567-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20567-1 advisory. Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests se...

7.4CVSS5.7AI score0.00126EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013631)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013631 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element...

5.5AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34275

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write exists in ksmbd when processing compound requests, such as READ combined with QUERY INFOSecurity. If the initial command consumes most of the response buffer, ksmb...

8.8CVSS5.9AI score0.00507EPSS
Exploits0References22
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34414

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular locking dependency exists in the NFC NCI component. The nci close device function flushes rx wq and tx wq while holding the req lock mutex. This creates a conflict because nci...

5.5CVSS5.8AI score0.00095EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34320

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00606EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34445

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...

7.4CVSS5.8AI score0.00383EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013438 advisory. In the Linux kernel, the following vulnerability has been resolved: block: don't call rqqosops-donebio if the bio isn't tracked rqqos framework is only applied on...

5.5CVSS5.5AI score0.00222EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013772)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013772 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: pch: Fix PCI device refcount leak in pchrequestdma As comment of pcigetslot says, it...

5.9AI score0.00227EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013863)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013863 advisory. In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine...

5.5CVSS6.8AI score0.00165EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31473

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex MEDIAREQUESTIOCREINIT can run concurrently with VIDIOCREQBUFS0 queue teardown paths. This can...

7.8CVSS6.6AI score0.00126EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of- bounds read in l2capecredconnreq Syzbot reported a KASAN...

8.1CVSS6.7AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34286

Name of the Vulnerable Software and Affected Versions Call To Action Plugin versions prior to 3.1.4 Description The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the cbox options page function, which manages the saving, creation, and deletion of plugin...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/04/22 12:0 a.m.3 views

CVE-2026-31192

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request...

5.8AI score0.00281EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the concurrent execution of MEDIAGRANT and VIDIOCREQBUFS, potentially leading to reuse after...

7.8CVSS6AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.3 contained security vulnerabilities. These vulnerabilities stemmed from the HTTPUEContextTransfer handler’s lack of a default scenario in the Content-Type switch statement. When a...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.4 views

Oracle MySQL Server InnoDB Denial of Service Vulnerability (CNVD-2026-18432)

Oracle MySQL Server is an open source relational database management system with an InnoDB component that provides transaction-safe storage engine functionality. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from the InnoDB component failing to properly...

4.9CVSS7.4AI score0.00242EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/22 12:0 a.m.9 views

actix-http has HTTP/1.1 CL.TE Request Smuggling

A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length...

5.8AI score
Exploits0References4Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/04/22 12:0 a.m.31 views

VulnCheck KEV: CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS5.9AI score0.4525EPSS
In wildExploits2References2
Rows per page
Query Builder