Lucene search
K

248 matches found

OSV
OSV
added 2026/07/02 8:11 p.m.8 views

GHSA-2GF8-Q9RR-JQ3H zebrad has persistent on-disk corruption of Sapling/Orchard subtree roots after chain fork via pop_tip

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node participates in a network where chain forks occur mainnet, testnet, or any network with multiple miners. All default configurations are affected. The corruption persists across restarts because it is...

6.5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/07/02 4:57 p.m.14 views

GHSA-V8CX-933X-R976 OpenClaw: Fake package roots could influence memory-core artifact loading

Summary Fake package roots could influence memory-core artifact loading. In affected versions, a local package root resolution path influenced by workspace state could select a package root that was not the intended bundled artifact root. This advisory is scoped to the named feature and...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:30 p.m.18 views

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS0.00087EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:29 p.m.19 views

CVE-2026-53766 chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS0.00087EPSS
Exploits1References1
OSV
OSV
added 2026/06/19 3:12 p.m.15 views

GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys

Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...

8.6CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/16 9:31 p.m.7 views

GHSA-4QGR-57JQ-93VH Duplicate Advisory: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wc84-j36w-pw4x. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY...

7.1CVSS5.4AI score0.00124EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/12 8:7 p.m.14 views

TYPO3 CMS: Destructive Actions on File Mount Folders

Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...

7.2CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:40 p.m.13 views

Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

5.5AI score
Exploits0References27
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42600

MinIO is a high-performance object storage system. From RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configure...

6.9CVSS5.5AI score0.08457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.10 views

CVE-2026-35525

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for % include %, % render %, and % layout %, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not...

8.2CVSS5.4AI score0.00396EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:49 p.m.7 views

CVE-2026-46251

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

5.7AI score0.00132EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/03 3:49 p.m.13 views

EUVD-2026-34113

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list before calling switchcommitroots, as we do for the tree root and the...

5.7AI score0.00132EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Both valid and invalid roots are cleared when unmapping a gfn range. KVM must ensure that it does not hold any references to the freed page after the unmapping...

7.8CVSS6.1AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed leaks in the ulist structure during error paths in the qgroup self tests. In the testnosharedqgroup and testmultiplerefs qgroup self tests, if we fail to add the tree reference, remove the extent item, or remove t...

5.5CVSS6AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a race condition when deleting the quota root from the “dirtycowonlyroots” list. When disabling quotas, we delete the quota root from the fsinfo-dirtycowonlyroots list without locking it, which requires the protectio...

5.9AI score0.00172EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ca-certificates

Certifi is a curated collection of Root Certificates designed to validate the reliability of SSL certificates and verify the identity of TLS hosts. On December 7, 2022, Certifi removed Root Certificates from “TrustCor” from the root store. These certificates are currently being removed from...

7.5CVSS6.5AI score0.00535EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.20 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a race condition when deleting the free space root from the “dirty cow roots” list. When deleting the free space tree, we are deleting the free space root from the list fsinfo-dirtycowonlyroots, without locking it...

5.9AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 3:13 p.m.48 views

BIT-MINIO-2026-42600 MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint

MinIO is a high-performance object storage system. From 2022.07.24 to before 2026.04.14, A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a caller holding the cluster root JWT to read files from outside the configured drive roots, bounded only by the...

6.9CVSS5.8AI score0.08457EPSS
Exploits0References2
Rows per page
Query Builder