Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to release the reference taken when looking up the DMA mux platform device during route allocation...

5.5CVSS5.9AI score0.00183EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 6:29 p.m.15 views

EUVD-2026-32913

pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams...

5.1CVSS5.1AI score0.00124EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.21 views

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-48156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/28 2:50 p.m.12 views

CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00124EPSS
Exploits0
NVD
NVD
added 2026/02/18 9:16 p.m.12 views

CVE-2025-1272

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned...

7.7CVSS0.00231EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/15 5:40 p.m.11 views

WordPress AdForest theme <= 6.0.12 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Phat RiO - BlueRock in WordPress Theme AdForest versions = 6.0.12...

9.8CVSS5.4AI score0.00581EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 1:23 a.m.8 views

CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

9.8CVSS5.7AI score0.00581EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 6:16 p.m.2 views

CVE-2026-23477

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS5.5AI score0.00306EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/14 12:0 a.m.14 views

PT-2026-2940

Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long a...

7.7CVSS6.5AI score0.00306EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fix to avoid panic in f2fsevict inode As syzbot 1 reported as follows: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 --- End trace:...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.3 views

NiceHash QuickMiner 安全漏洞

NiceHash QuickMiner is a cryptocurrency miner software open source by NiceHash.com. A security vulnerability exists in NiceHash QuickMiner version 6.12.0 that originates from executing a software update over HTTP without verifying digital signatures or hash checking, which could lead to remote co...

9.8CVSS7.8AI score0.00418EPSS
Exploits2References2
OSV
OSV
added 2025/06/07 12:15 p.m.4 views

CVE-2024-9994

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelpricingitemtooltipcontent parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due...

5.4CVSS5.9AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/07 12:0 a.m.3 views

WordPress plugin Essential Addons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6AI score0.00174EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/19 12:0 a.m.18 views

PT-2025-8844

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc7+ Description A race condition in the Linux kernel's RDMA/mlx5 module can lead to a CQE error, causing the UMR QP to enter an error state. This occurs when the mlx5 ib dereg mr flow and mlx5 ib invalida...

4.7CVSS7.1AI score0.00129EPSS
Exploits0
Cvelist
Cvelist
added 2025/01/06 3:38 p.m.27 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8CVSS0.00461EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33139 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: The issue is related to a wrong empty schemes assumption under online tuning in the damon sysfs set schemes function. The actual impact and attack plausibility have not yet been proven...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.4 views

PT-2023-33180 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v4.8 through v6.0.11 Description: The issue concerns an out-of-bounds read in the afe4404 read|write raw functions. This problem was introduced in version v4.8 and is fixed in version v6.0.12. The actual impact and attac...

7.1AI score
Exploits0References1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WPeMatico RSS Feed Fetcher prior...

4.8CVSS4.9AI score0.00622EPSS
Exploits2References1
Rows per page
Query Builder