Lucene search

8 matches found

Vulnrichment
added 2026/04/21 5:14 p.m. | 5 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8 CVSS | 5.8 AI score | 0.00171 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 11 views

PT-2026-22009

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.23.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Versions before 3.23.0 contain a flaw where the xf_SetWindowMinMaxInfo function improperly dereferences a freed xfAppWindow pointer...

10 CVSS | 5.3 AI score | 0.00756 EPSS
Exploits: 18 | References: 140
Tenable Nessus
added 2025/11/20 12:0 a.m. | 5 views

TencentOS Server 3: tang (TSSA-2023:0292)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0292 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

5.3 CVSS | 5.8 AI score | 0.00568 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/12 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-9818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main...

8.3 CVSS | 8 AI score | 0.00954 EPSS
Exploits: 0 | References: 2
OSV
added 2025/04/08 9:15 a.m. | 10 views

AZL-59907 CVE-2025-22014 affecting package kernel for versions less than 6.6.85.1-2

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock. When some client process A call pdr_add_lookup to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and cal...

5.5 CVSS | 6.6 AI score | 0.00141 EPSS
Exploits: 0 | References: 1
OSV
added 2024/07/01 1:15 p.m. | 10 views

AZL-43024 CVE-2024-6387 affecting package openssh for versions less than 9.8p1-1

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1 CVSS | 6.9 AI score | 0.99506 EPSS
Exploits: 68 | References: 1
OSV
added 2023/11/03 11:6 a.m. | 18 views

OESA-2023-1782 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race...

9.8 CVSS | 7.1 AI score | 0.02937 EPSS
Exploits: 1 | References: 19
Mozilla
added 2019/05/21 12:0 a.m. | 143 views

Security vulnerabilities fixed in Firefox 67 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

9.8 CVSS | 1 AI score | 0.06175 EPSS
Exploits: 1 | References: 22 | Affected Software: 1