7923 matches found
CVE-2026-35411 Directus: Open Redirect in Admin 2FA Setup Page
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...
CVE-2026-35411
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...
CVE-2026-35411 Directus: Open Redirect in Admin 2FA Setup Page
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a...
CVE-2026-35411
Directus prior to 11.16.1 is vulnerable to an open redirect on the /admin/tfa-setup page via the redirect parameter. An administrator who has not configured 2FA can be presented with the legitimate 2FA setup page, and after completing setup the app redirects to an attacker‑controlled URL without ...
CVE-2026-35043
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a...
CVE-2026-35043 BentoML: command injection in cloud deployment setup script (deployment.py)
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates system_packages directly into a...
CVE-2026-35043
CVE-2026-35043 affects BentoML prior to 1.4.38. The cloud deployment path in bentoml/_internal/cloud/deployment.py interpolates system_packages directly into a shell command in the generated setup.sh, enabling remote code execution on the CI/CD cloud build infrastructure during deployment. The is...
EUVD-2026-19241
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-5661
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-5661 Free5GC NGSetupRequest denial of service
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-5661
CVE-2026-5661 affects Free5GC 4.2.0, specifically the NGSetupRequest Handler. The vulnerability allows denial of service via remote manipulation of the NGSetupRequest function. The attack can be launched remotely, and a public exploit is available. No remediation details are provided in the s...
CVE-2026-31409
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...
UBUNTU-CVE-2026-31409
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...
kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure
A flaw was found in the Linux kernel's Data Access MONitor (DAMON) sysfs interface. A local attacker, typically a privileged user, could exploit a cleanup bug during DAMON context setup. If the setup fails after the attrs directory is created, stale sysfs directories are left behind. This can lead ...
CVE-2026-31409
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset conn->binding on failed binding request. When a multichannel SMB2_SESSION_SETUP request with SMB2_SESSION_REQ_FLAG_BINDING fails, ksmbd sets conn->binding = true but never clears it on the error path. This leaves the connectio...
PT-2026-30605
A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used...
free5GC security vulnerability
free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.2.0 of free5GC contains a security vulnerability, which stems from issues with the NGSetupRequest Handler component and could lead to denial-of-service attacks...
MAL-2026-2494 Malicious code in databasetapes (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d859d21aa59dfad2efc5c2f98253cd1cc808621fb3b7525037c104324e27dfe8 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...
util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
...