Lucene search
K

4416 matches found

CVE
CVE
added 2026/06/24 4:29 p.m.6 views

CVE-2026-53054

CVE-2026-53054 affects the Linux kernel DRM subsystem for Qualcomm Adreno (MSM) where an incorrect argument in VM_BIND UNMAP locking caused certain objects involved in UNMAP operations to not be consistently locked. The issue could impact system stability, particularly for non-NO_SHARE buffer obj...

7.8CVSS5.7AI score0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 10:17 a.m.14 views

CVE-2026-52944

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.5CVSS0.00121EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 9:59 a.m.20 views

CVE-2026-52944

Technical details are not publicly available in the provided documents. The CVE describes a permission bypass in ksmbd/fsctl_set_sparse, but no concrete affected products/versions/fixes are included here. Monitor for updates and vendor advisories.

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/24 9:59 a.m.8 views

EUVD-2026-38734

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and saves it through xattr without any permission checks. This exposes two...

5.8AI score0.00121EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 6:0 a.m.13 views

CVE-2026-10531

The CVE describes Stored XSS in the WordPress plugin “AI Share & Summarize” prior to version 2.0.4. The root cause is insufficient sanitisation/escaping of shortcode attributes (notably title_style) before output, enabling users with the Contributor role or higher to inject scripts on pages. Affe...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTLSETSPARSE FSCTLSETSPARSE in fsctlsetsparse modifies the file's sparse attribute and sav...

5.5CVSS6AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51759

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the Linux kernel, the fsctl set sparse function fails to perform necessary permission checks when processing the FSCTL SET SPARSE operation. This allows a client on a read-only share ...

5.5CVSS6AI score0.00121EPSS
Exploits0References18
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:18 p.m.5 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in gnutls28

A flaw was discovered in gnutls. A use-after-free issue in the client’s sending of the keyshare extension may lead to memory corruption and other related issues...

9.8CVSS6.7AI score0.03751EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/17 5:50 p.m.11 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 5:50 p.m.115 views

CVE-2026-48818

CVE-2026-48818 concerns Starlette’s StaticFiles on Windows. In versions up to 1.0.1, when handling UNC paths (for example, \attacker.com\share), os.path.realpath can initiate an outbound SMB connection before the path is rejected, triggering SSRF and exposing the service account’s NTLMv2 credenti...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/06/16 11:55 p.m.9 views

GO-2026-5055 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser

File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope in github.com/filebrowser/filebrowser...

7.5CVSS5.3AI score0.0046EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 8:16 p.m.11 views

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...

9.3CVSS0.00446EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 6:40 p.m.47 views

CVE-2026-48777 FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted...

9.3CVSS0.00446EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 6:40 p.m.31 views

CVE-2026-48777

CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...

9.3CVSS5.4AI score0.00446EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36783

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

5.2AI score0.00287EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

7.5CVSS0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49326

Name of the Vulnerable Software and Affected Versions Sismics Docs Teedy version 1.11 Description Incorrect access control in the share-based read endpoints allows unauthorized attackers to access sensitive endpoints by sending a crafted request. Recommendations At the moment, there is no...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.32 views

CVE-2026-50885

Incorrect access control in the share-based read endpoints of Sismics Docs Teedy v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request...

0.00287EPSS
Exploits0References1
Rows per page
Query Builder