Lucene search
+L

1199 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

5.6AI score0.00129EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39217

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

5.7AI score0.00129EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 8:39 a.m.2 views

CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.11 views

SUSE CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 a.m.13 views

CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS0.00404EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 8:16 a.m.6 views

UBUNTU-CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/24 7:14 a.m.12 views

EUVD-2026-38701

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

5.8AI score0.00404EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.35 views

CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS0.00404EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.22 views

CVE-2026-52931

CVE-2026-52931 — Linux kernel (batman-adv tp_meter): The vulnerability arises when batadv_tp_recv_ack() or batadv_tp_stop() are invoked with a tp_vars in the BATADV_TP_RECEIVER role. In that case, code paths access sender-only members that were never initialized, causing undefined behavior. The f...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.3 views

CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS5.8AI score0.00404EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51724

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the batman-adv module where the functions batadv tp recv ack and batadv tp stop incorrectly process tp vars when the role is set to BATADV TP RECEIVER. In this state,...

9.8CVSS5.7AI score0.00404EPSS
Exploits0References13
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.56 views

📄 N-able Mail Assure Authentication Bypass

N-able Mail Assure appears to suffer from a cross-tenant authentication bypass vulnerability via spoofing. CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure CVE ID: CVE-2025-68624 Status: DISPUTED CWE: CWE-290 Authentication Bypass by Spoofing Affected Product:...

5.9AI score
Exploits1
Snyk
Snyk
added 2026/06/19 9:43 p.m.8 views

Directory Traversal

Overview everos is an EverOS — local-first markdown memory framework for AI agents and user chats; lightweight, dev-friendly, small-team Affected versions of this package are vulnerable to Directory Traversal via the senderid field in the POST /api/v1/memory/add endpoint. An attacker can create o...

8.8CVSS6.5AI score0.00356EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:43 p.m.17 views

GHSA-C795-2G9C-J48M EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id

EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message senderid field was not validated as a path-safe identifier unlike appid / projectid, which already enforced this. During user-memory extraction, senderid is used a...

8.2CVSS6AI score0.00356EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:32 p.m.5 views

GHSA-8J37-5W68-WJ2G OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers

Summary BlueBubbles sender policy could match mutable conversation identifiers. In affected versions, a participant able to influence conversation-level identifiers could match an allowlist entry through conversation metadata rather than a stable sender identity. This advisory is scoped to the...

4.2CVSS5.7AI score0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/06/16 7:17 p.m.13 views

CVE-2026-53860

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended fo...

5.4CVSS0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:5 p.m.28 views

CVE-2026-53860

OpenClaw

5.4CVSS5.3AI score0.00171EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 6:5 p.m.4 views

CVE-2026-53860 OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles

OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through conversation metadata rather than stable sender identity. Attackers can influence conversation-level identifiers to receive agent responses intended fo...

2.3CVSS6AI score0.00171EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49777

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.7 Description A sender policy bypass exists in BlueBubbles where participants can match allowlist entries using conversation metadata instead of a stable sender identity. Attackers capable of influencing...

5.4CVSS5.2AI score0.00171EPSS
Exploits0References5
Rows per page
Query Builder