Lucene search
K

648 matches found

CVE
CVE
added 2026/04/10 4:3 p.m.21 views

CVE-2026-35597

Vikunja prior to 2.3.0 is vulnerable to TOTP brute-forcing because the login failure path writes the account lock status (StatusAccountLocked) on the same DB session that is rolled back after a failed TOTP check. The in-memory counter in HandleFailedTOTPAuth tracks failures, and once it reaches 1...

7.5CVSS5.8AI score0.00296EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/10 3:34 p.m.4 views

GHSA-FGFV-PV97-6CMJ Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout

Summary The TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. The account lock is written to the same database session that the login handler always rolls back on TOTP failure, so the lockout is triggered but never persisted. This allows unlimited...

5.9CVSS5.9AI score0.00296EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/10 3:34 p.m.6 views

Vikunja Vulnerable to TOTP Brute-Force Due to Non-Functional Account Lockout

Summary The TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. The account lock is written to the same database session that the login handler always rolls back on TOTP failure, so the lockout is triggered but never persisted. This allows unlimited...

7.5CVSS5.9AI score0.00296EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-31948

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A flaw exists in Vikunja before version 2.3.0 related to the Time-based One-Time Password TOTP failed-attempt lockout mechanism. A database transaction handling bug prevents the account lockout from...

7.5CVSS5.8AI score0.00296EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006653 advisory. In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix error unwinding of XDP initialization When initializing XDP in virtnetopen, some r...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References4
Talos Blog
Talos Blog
added 2026/04/03 5:0 p.m.6 views

Axios NPM supply chain incident

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager npm package during which two malicious versions v1.14.1 and v0.30.4 were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/02 11:28 p.m.5 views

SUSE CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

6.4CVSS5.7AI score0.00119EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/04/02 9:38 p.m.4 views

CVE-2026-23413

A flaw was found in the Linux kernel's clsact qdisc. This use-after-free vulnerability occurs due to an asymmetry in the initialization and destruction rollback process. When a replacement clsact qdisc instance fails during initialization, the destroy callback is triggered without properly...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 12:31 p.m.7 views

EUVD-2026-18192

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

5.8AI score0.00119EPSS
Exploits0References6
NVD
NVD
added 2026/04/02 12:16 p.m.4 views

CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

7.8CVSS0.00119EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 12:16 p.m.9 views

UBUNTU-CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 11:40 a.m.27 views

CVE-2026-23413 clsact: Fix use-after-free in init/destroy rollback asymmetry

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

7.8CVSS0.00119EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 11:40 a.m.1 views

CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

5.7AI score0.00119EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/04/02 11:40 a.m.2 views

CVE-2026-23413

In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance, and then in a seco...

7.8CVSS5.3AI score0.00119EPSS
Exploits0
CVE
CVE
added 2026/04/02 11:40 a.m.24 views

CVE-2026-23413

The CVE-2026-23413 entry concerns the Linux kernel: a use-after-free in the clsact qdisc during init/destroy rollback caused by asymmetrical initialization between ingress and egress sides. A failed replacement during clsact_init() (e.g., via tcf_block_get_ext()) could leave both ingress and egre...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29720

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A use-after-free issue exists in the clsact qdisc during init/destroy rollback asymmetry. This occurs when a clsact instance is fully initialized, and a subsequent replacement fails. The...

5.6AI score0.00119EPSS
Exploits0References261
Veeam
Veeam
added 2026/03/24 12:0 a.m.6 views

How to Safely Perform Snapshot Rollback of Veeam Backup for Microsoft 365

Purpose This article provides step-by-step guidance for performing a snapshot rollback of a Veeam Backup for Microsoft 365 deployment in the event of a disaster. Critical Warning Rolling back to a snapshot is a complex and highly risky process that should only be performed in rare disaster...

5.9AI score
Exploits0Affected Software1
Amazon
Amazon
added 2026/03/05 12:0 a.m.11 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields CVE-2025-38591 In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn CVE-2025-68333 In the...

7.8CVSS5.8AI score0.00468EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/03 11:32 p.m.8 views

OpenClaw's serialize sandbox registry writes to prevent races and delete-rollback corruption

Impact Concurrent updateRegistry/removeRegistryEntry operations for sandbox containers and browsers could lose updates or resurrect removed entries under race conditions. The registry writes were read-modify-write in a window with no locking and permissive fallback parsing, so concurrent registry...

4.8CVSS5.9AI score0.00134EPSS
Exploits0References6Affected Software1
Qualys Blog
Qualys Blog
added 2026/02/18 9:35 p.m.13 views

New: AI-Powered Patch Reliability Scoring—Predict Patch Impact Before You Deploy

What do advisory USN-7545-1 and Windows updates KB5065426 , KB5063878 , KB5055523 , and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among the most frequently rolled-back patches , in other words, patches that had to be undone after deployment. Rollbacks...

5.8AI score
Exploits0
Rows per page
Query Builder