Lucene search
K

310 matches found

NVD
NVD
added 2026/07/05 2:16 p.m.7 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/05 1:15 p.m.25 views

CVE-2026-14751 mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 1:15 p.m.14 views

CVE-2026-14751

The vulnerability CVE-2026-14751 targets mjperpinosa stumasy via SQL injection in Notes_controller::search_scratch_data (file application/PHP/objects/notes/search_scratch_data.php). The exploit arises from manipulating the argument field_name, enabling remote execution of SQL. Public exploit is s...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 1:15 p.m.8 views

EUVD-2026-41757

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:15 p.m.10 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/07/04 11:53 a.m.34 views

CVE-2026-53360

The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...

6AI score0.00267EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/04 11:53 a.m.10 views

CVE-2026-53360

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/07/04 11:53 a.m.10 views

EUVD-2026-41667

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change PSC requests rely...

6AI score0.00267EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/04 1:7 a.m.8 views

[SECURITY] Fedora 43 Update: pdns-5.0.6-1.fc43

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only name server. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

4.3CVSS5.9AI score0.00479EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.14 views

PT-2026-55698

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM SEV implementation where the software scratch area is not required to reside in the GHCB shared buffer when GHCB v2+ is used. This allows a malicious SNP guest...

6.2AI score0.00267EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53184

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

7.5CVSS5.7AI score0.00506EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.30 views

CVE-2026-53184 udp: clear skb->dev before running a sockmap verdict

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

7.5CVSS0.00506EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53184

The CVE-2026-53184 issue affects the Linux kernel UDP sockmap path. On UDP receive, skb->dev is repurposed as dev_scratch; when a SK_SKB verdict program uses BPF socket-lookup helpers (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp), skb->dev may still hold the dev_scratch value, and dev_net(skb...

7.5CVSS5.7AI score0.00506EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/25 8:38 a.m.5 views

EUVD-2026-39275

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

5.7AI score0.00506EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52280

Name of the Vulnerable Software and Affected Versions Linux kernel version 7.1.0-rc6 Description An issue exists in the UDP receive path where the skb-dev field is repurposed as dev scratch via a union in sk buff. When a UDP socket is in a sockmap, the sk psock verdict recv function runs an...

7.5CVSS6AI score0.00506EPSS
Exploits0References20
Fedora
Fedora
added 2026/06/22 12:51 a.m.6 views

[SECURITY] Fedora 44 Update: buildah-1.43.2-1.fc44

The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/08 7:38 p.m.11 views

CVE-2026-46289

A flaw was found in the Linux kernel's lib/scatterlist component. Incorrect length calculations within the extractkvectosg function, when extracting data from a kvec to a scatterlist, could lead to writing beyond intended page boundaries. Additionally, when extracting a user buffer, the scatterli...

9.8CVSS5.5AI score0.00457EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: Clear the scratchpt pointer in case of an error. Avoid triggering a dereference of an error pointer during cleanup in xevmfreescratch, by clearing any scratchpt error pointers. Cherry-picked from commit...

5.5CVSS6.1AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fixed soft lockup issues. There is a while-loop in astdpsetonoff, which could lead to an infinite loop. This is because the register VGACRI-Dx checked in this API is actually a scratch register controlled by an MCU named...

5.5CVSS6.2AI score0.00171EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fixed possible invalid memory accesses after the FLR Function Level Reset. In the case where the first FLR Function Level Reset is completed correctly, but during the second FLR, the scratch area for the saved...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder