Lucene search
+L

151 matches found

osv
osv
added 2026/06/29 5:40 a.m.5 views

BIT-ENVOY-2026-47221 Envoy: Null pointer deref in internal redirects

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...

7.5CVSS6AI score0.00445EPSS
Exploits1References2
euvd
euvd
added 2026/06/12 8:24 p.m.11 views

EUVD-2026-36557

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/09 8:59 p.m.14 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.5AI score0.0023EPSS
Exploits0References1
euvd
euvd
added 2026/06/08 4:30 p.m.12 views

EUVD-2026-35130

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/08 4:30 p.m.12 views

CVE-2026-11533 imvks786 student_management_system Student Deletion Endpoint see.php improper authorization

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.16 views

PT-2026-47337

A security vulnerability has been detected in imvks786 student management system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads t...

5.5CVSS5.1AI score0.0023EPSS
Exploits0References7
freebsd
freebsd
added 2026/06/08 12:0 a.m.23 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: See links for details...

9.8CVSS5.4AI score0.00805EPSS
Exploits0References1
circl
circl
added 2026/05/28 6:0 p.m.14 views

CVE-2026-6891

creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://jvn.jp/en/vu/JVNVU93879027 2026-05-29 01:53:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmxgiqyssb2k...

5.1CVSS5.7AI score0.00123EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.32 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nsfs: Permission checks for handling opening have been tightened. Even privileged services should not necessarily be able to access the namespaces of other privileged services, so that they cannot leak information to each other...

8.8CVSS6AI score0.00121EPSS
Exploits0References1
susecve
susecve
added 2026/05/11 2:13 p.m.9 views

SUSE CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...

8.8CVSS5.7AI score0.00121EPSS
Exploits0References3
euvd
euvd
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28696

In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper that...

5.7AI score0.00107EPSS
Exploits0References3
euvd
euvd
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28697

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...

5.7AI score0.00121EPSS
Exploits0References3
nvd
nvd
added 2026/05/08 3:16 p.m.8 views

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper...

8.8CVSS0.00121EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/05/08 3:16 p.m.13 views

CVE-2026-43390

In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use mayseeallnamespaces helper that...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References4
cve
cve
added 2026/05/08 2:21 p.m.25 views

CVE-2026-43403

CVE-2026-43403 concerns the Linux kernel nsfs component. The issue arises from insufficient permission checks in ns iteration ioctls, potentially allowing a privileged service to view information from other privileged services and perform information disclosure. Multiple sources (Red Hat, Debian,...

8.8CVSS5.7AI score0.00129EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/04/23 5:16 a.m.9 views

CVE-2026-41233

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS0.00264EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/04/23 4:0 a.m.4 views

CVE-2026-41233

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS5.8AI score0.00264EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/04/23 4:0 a.m.15 views

CVE-2026-41233

Froxlor CVE-2026-41233 affects the Domains.add() flow prior to version 2.3.6. The adminid parameter is taken from user input and used without validation when the caller lacks customers_see_all, allowing a reseller to attribute newly created domains to another admin. This bypasses the reseller’s o...

5.4CVSS5.8AI score0.00264EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/23 4:0 a.m.3 views

CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...

5.4CVSS5.8AI score0.00264EPSS
Exploits1References3
github
github
added 2026/04/16 12:46 a.m.9 views

Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Summary In Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota since the...

5.4CVSS5.9AI score0.00264EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder