Lucene search
K

414 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:40 p.m.35 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 7:40 p.m.19 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS6AI score0.0047EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since...

5.5CVSS6AI score0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 8:20 a.m.8 views

CVE-2026-53167

A flaw was found in the Linux kernel's FUSE Filesystem in Userspace component. The FUSENOTIFYRETRIEVE operation did not properly restrict access to up-to-date folios, potentially allowing the exposure of uninitialized data from the page cache. This information disclosure vulnerability could allow...

7CVSS5.8AI score0.00122EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:11 a.m.8 views

SUSE CVE-2026-53168

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...

5.8AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53167

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.5CVSS0.00122EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53168

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...

5.5CVSS0.00122EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53168

In the Linux kernel, the following vulnerability has been resolved: fuse: reject fusenotify pagecache ops on directories The operations FUSENOTIFYSTORE and FUSENOTIFYRETRIEVE allow the FUSE daemon to actively write/read pagecache contents. For directories with FOPENCACHEDIR, the pagecache is used...

6.9CVSS5.8AI score0.00122EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53167

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

6.8CVSS5.7AI score0.00122EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.5 views

CVE-2026-53167

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.5CVSS5.6AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:38 a.m.5 views

EUVD-2026-39258

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.7AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.21 views

CVE-2026-53167

CVE-2026-53167 affects the Linux kernel’s FUSE path: FUSE_NOTIFY_RETRIEVE must be limited to uptodate folios since !uptodate folios may contain uninitialized data. The vulnerability is scoped to systems without automatic page-alloc zero init (CONFIG_INIT_ON_ALLOC_DEFAULT_ON or init_on_alloc=1). E...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/25 8:38 a.m.2 views

CVE-2026-53167 fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52264

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the FUSE Filesystem in Userspace implementation where the fuse notify function fails to restrict pagecache operations on directories. Specifically, the operations FUSE...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References22
Snyk
Snyk
added 2026/06/17 3:9 a.m.9 views

Relative Path Traversal

Overview apache-airflow-providers-sftp is a Provider package apache-airflow-providers-sftp for Apache Airflow Affected versions of this package are vulnerable to Relative Path Traversal via the SFTPHook.retrievedirectory and SFTPHook.retrievedirectoryconcurrently functions. An attacker can cause...

9.1CVSS6AI score0.00626EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 1:0 p.m.3 views

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

6.9CVSS6.6AI score0.00288EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/12 1:0 p.m.10 views

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 1:0 p.m.10 views

EUVD-2026-36423

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 1:0 p.m.19 views

CVE-2026-12066

CVE-2026-12066 affects PbootCMS up to version 3.2.12. The vulnerability resides in the function retrieve of file apps/home/controller/MemberController.php (Password Handler). Manipulating the arguments username/password/email/checkcode enables weak password recovery; the issue is exploitable remo...

7.5CVSS7.1AI score0.00288EPSS
Exploits0References6
Rows per page
Query Builder