Lucene search
K

130 matches found

CVE
CVE
added 2026/06/24 4:30 p.m.13 views

CVE-2026-53100

The CVE-2026-53100 entry describes a deadlock in the Linux kernel’s wifi/mt76 path when remain-on-channel is used. Specifically, mt76_remain_on_channel() and mt76_roc_complete() call mt76_set_channel() while dev->mutex is already held; since mt76_set_channel() also acquires dev->mutex, this...

5.7AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 9:24 p.m.4 views

GHSA-9FXM-VC8V-HJ55 jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/23 9:24 p.m.19 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object...

6.9CVSS6AI score0.00282EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 9:24 p.m.8 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/23 8:48 p.m.1 views

CVE-2026-54516 jackson-databind: Renamed @JsonIgnore'd setters can deserialize via private fields

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS6AI score0.00282EPSS
Exploits0References7
OSV
OSV
added 2026/06/22 3:12 p.m.2 views

SUSE-SU-2026:22343-1 Security update for firewalld

This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/29 5:38 p.m.37 views

vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/29 5:38 p.m.22 views

GHSA-Q3FM-4WCW-G57X vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

2.1CVSS5.8AI score
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cgroup setter in schedext reading scxroot before acquiring a lock. This could lead to reusing...

7CVSS5.8AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.19 views

PT-2026-42689

Name of the Vulnerable Software and Affected Versions js-cookie versions prior to 3.0.7 Description The internal assign function copies properties using a for...in loop and plain assignment. When a source object is created via JSON.parse, the proto member is treated as an own enumerable property...

7.5CVSS5.5AI score0.00432EPSS
Exploits0References24
OSV
OSV
added 2026/05/16 12:29 a.m.7 views

CLSA-2026-1778891359 libpng: Fix of CVE-2026-34757

CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS, pngsethIST, pngsettext, pngsetsPLT and pngsetunknownchunks when the caller passes the pointer returned by the corresponding getter back to the setter...

5.1CVSS5.8AI score0.00195EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 11:59 a.m.10 views

JLSEC-2026-498

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

5.1CVSS5.9AI score0.00195EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/05/11 7:4 p.m.13 views

CVE-2026-42874 Microdot: HTTP response splitting in Response.set_cookie()

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : libpng vulnerabilities (USN-8251-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8251-1 advisory. It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricke...

7.6CVSS6.6AI score0.01052EPSS
Exploits2References4
Snyk
Snyk
added 2026/05/08 3:58 p.m.21 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection despite the recently introduced neutralizeArraySpeciesBatch helper in lib/bridge.js. An attacker can execute arbitrary code ...

10CVSS6.2AI score0.00851EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/08 3:58 p.m.8 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection despite the recently introduced neutralizeArraySpeciesBatch helper in lib/bridge.js. An attacker can execute...

10CVSS6.5AI score0.00851EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2026/05/07 1:37 p.m.24 views

USN-8251-1: libpng vulnerabilities

It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...

7.6CVSS6.5AI score0.01052EPSS
Exploits2
OSV
OSV
added 2026/05/07 1:37 p.m.7 views

USN-8251-1 libpng1.6 vulnerabilities

It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...

7.6CVSS6.5AI score0.01052EPSS
Exploits2References4
OSV
OSV
added 2026/05/03 9:56 a.m.6 views

OESA-2026-2149 libpng security update

The libpng package contains libraries used by other programs for reading and writing PNG format files. The PNG format was designed as a replacement for GIF and, to a lesser extent, TIFF, with many improvements and extensions and lack of patent problems. Security Fixes: LIBPNG is a reference libra...

5.1CVSS5.9AI score0.00195EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/05/02 8:1 a.m.16 views

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

...

5.5CVSS5.8AI score0.00118EPSS
Exploits0
Rows per page
Query Builder