Lucene search
+L

1109 matches found

osv
osv
added 2026/07/05 12:5 p.m.5 views

RLSA-2026:33124 Moderate: coreutils security update

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...

4.4CVSS5.9AI score0.00224EPSS
Exploits0References2
debiancve
debiancve
added 2026/07/01 5:59 p.m.9 views

CVE-2026-53492

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6CVSS5.9AI score0.00412EPSS
Exploits0
osv
osv
added 2026/06/30 6:20 p.m.5 views

GHSA-M63V-2G9W-2W6V Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation

Summary A follow-up bypass of the round-4 PodSpec hardening GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92. Those advisories validate and sanitize the PodSpec spec.runtime.podSpec / spec.builder.podSpec / function.spec.podSpec, but the Environment CRD also exposes...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References6
euvd
euvd
added 2026/06/30 6:18 p.m.12 views

EUVD-2026-36098

Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover...

9.9CVSS5.8AI score0.003EPSS
Exploits0References7
osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-446 Code execution in pandasai

GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

9.8CVSS7.8AI score0.01006EPSS
Exploits1References5
osv
osv
added 2026/06/29 12:0 a.m.11 views

ALSA-2026:33124 Moderate: coreutils security update

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...

4.4CVSS5.8AI score0.00224EPSS
Exploits0References4
osv
osv
added 2026/06/25 12:3 p.m.4 views

RLSA-2026:28911 Moderate: coreutils security update

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...

4.4CVSS5.9AI score0.00224EPSS
Exploits0References2
euvd
euvd
added 2026/06/24 4:30 p.m.6 views

EUVD-2026-38925

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...

5.7AI score0.00127EPSS
Exploits0References3
cve
cve
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53057

The CVE-2026-53057 entry describes a Linux kernel IOMMU issue for RISCV: after updating DDT/PDT entries, the system must invalidate TLB and context cache entries. The fix adds riscv_iommu_iodir_iotinval() to perform the required IOTINVAL-based invalidations in accordance with the RISC-V IOMMU spe...

8.8CVSS5.7AI score0.00127EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/24 4:30 p.m.38 views

CVE-2026-53057 iommu/riscv: Add IOTINVAL after updating DDT/PDT entries

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscviommuiodiriotinval to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification Section...

8.8CVSS0.00127EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Fix for iiochanspec for sensors without event detection. The stlsm6dsxaccchannels array within struct iiochanspec contains a eventspec field that is not NULL, indicating that the sensor supports IIO events...

5.8AI score0.00168EPSS
Exploits0References2
osv
osv
added 2026/06/24 12:0 a.m.17 views

ALSA-2026:28911 Moderate: coreutils security update

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...

4.4CVSS5.9AI score0.00224EPSS
Exploits0References4
almalinux
almalinux
added 2026/06/24 12:0 a.m.8 views

Moderate: coreutils security update

The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fixes: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification CVE-2025-5278 For more details about the security...

4.4CVSS5.9AI score0.00224EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/22 4:57 p.m.5 views

CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00177EPSS
Exploits0References2Affected Software1
github
github
added 2026/06/12 3:4 p.m.13 views

Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()

Summary parseEfiSignatureList in attest/internal/events.go does not skip SignatureHeaderSize vendor bytes before reading EFISIGNATURELIST signature entries, violating UEFI specification section 31.4.1. Impact For hashSHA256SigGUID lists, attacker-controlled vendor header bytes are appended direct...

5.5AI score
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/06/12 2:11 p.m.30 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

0.00221EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 2:11 p.m.9 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3AI score0.00221EPSS
Exploits0References1
cve
cve
added 2026/06/12 2:11 p.m.22 views

CVE-2026-8694

CVE-2026-8694 involves an improper access control flaw in Devolutions PowerShell Universal up to version 2026.1.7, where an unauthenticated remote attacker can obtain the OpenAPI specification of user-defined REST endpoints. The affected component is the OpenAPI/REST endpoint documentation expose...

5.3CVSS5.4AI score0.00221EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/06/12 2:11 p.m.10 views

EUVD-2026-36438

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.17 views

PT-2026-48887

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

5.4AI score0.00221EPSS
Exploits0References2
Rows per page
Query Builder