Lucene search
+L

40 matches found

cve
cve
added 2026/06/25 3:48 p.m.19 views

CVE-2026-54030

CVE-2026-54030 affects LibreChat (MCP OAuth flow). Before v0.8.5, the OAuth Protected Resource metadata’s resource parameter is not validated against the MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legitimate server. Affected version range includes pre-0....

9.3CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
cve
cve
added 2026/06/03 3:49 p.m.23 views

CVE-2026-46261

CVE-2026-46261 relates to the Linux kernel wpcm-fiu SPI driver. The issue is a potential NULL pointer dereference when platform_get_resource_byname() returns NULL, if the NULL is dereferenced by resource_size(). The patch moves the fiu->memory_size assignment to occur after the error check for...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/05/27 5:55 p.m.40 views

CVE-2026-1402 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation...

6.5CVSS0.00471EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/29 8:22 a.m.15 views

CVE-2026-42515

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References2
redhat
redhat
added 2026/04/28 6:40 a.m.2 views

python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...

6AI score0.00238EPSS
Exploits0References7
redhat
redhat
added 2026/04/23 11:34 a.m.2 views

python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...

6AI score0.00238EPSS
Exploits0References7
redhat
redhat
added 2026/04/11 7:41 p.m.1 views

python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation

A flaw was found in Python's pkgutil.getdata function, which is used to retrieve data from packages. This function did not properly validate the resource argument, allowing a local attacker to perform path traversal attacks. Path traversal enables an attacker to access files and directories store...

6AI score0.00238EPSS
Exploits0References7
osv
osv
added 2026/03/20 9:20 a.m.9 views

BIT-PYTHON-MIN-2026-3479 pkgutil.get_data() does not enforce documented restrictions

pkgutil.getdata did not validate the resource argument as documented, allowing path traversals...

5.8AI score0.00238EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/03/19 12:0 a.m.9 views

BMC FootPrints 代码问题漏洞

BMC FootPrints is an IT service management and ticket tracking system provided by the American company BMC. Versions of BMC FootPrints prior to 20.24.01.001 contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the externalfeed/RSS API component, where blind server-side...

7.1CVSS6.1AI score0.12916EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/01/07 9:44 a.m.8 views

CVE-2017-6921

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services rest module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...

5.9CVSS6.5AI score0.01834EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/13 6:0 p.m.5 views

CVE-2025-40110

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...

4.7CVSS5.9AI score0.00188EPSS
Exploits0References4
osv
osv
added 2025/11/12 2:15 a.m.2 views

DEBIAN-CVE-2025-40110

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...

5.2AI score0.00188EPSS
Exploits0References1
osv
osv
added 2025/11/12 2:15 a.m.8 views

UBUNTU-CVE-2025-40110

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...

5.7AI score0.00188EPSS
Exploits0References32
osv
osv
added 2025/11/12 1:7 a.m.4 views

CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...

6.5AI score0.00188EPSS
Exploits0References10
cve
cve
added 2025/11/12 1:7 a.m.39 views

CVE-2025-40110

The CVE-2025-40110 entry concerns the Linux kernel: for the DRM/vmwgfx component, a null-pointer dereference in the cursor snooper was fixed. The patch adds a validation that the actual surface resource exists before using the cursor snooper, addressing a scenario where SVGA3D_INVALID_ID could be...

6.1AI score0.00188EPSS
Exploits0References7
cvelist
cvelist
added 2025/11/12 1:7 a.m.9 views

CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...

0.00188EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-19726

Malware in sbrugna...

5.5CVSS6.6AI score0.00412EPSS
Exploits0References12
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13551

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00095EPSS
Exploits0References2
susecve
susecve
added 2025/06/19 3:42 a.m.3 views

SUSE CVE-2022-50068

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo-resource value before accessing the resource memtype. v2: Fix commit description unwrapped warning 40.191227 T184 general protection fault, probably for non-canonical address...

5.5CVSS6.3AI score0.002EPSS
Exploits0References9
redhatcve
redhatcve
added 2025/05/23 12:0 p.m.11 views

CVE-2025-24376

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when...

6.5CVSS6.7AI score0.00335EPSS
Exploits0References1
Rows per page
Query Builder