61 matches found

CVE
added 4 days ago | 33 views

CVE-2026-43722

CVE-2026-43722 affects Apple OS components (kernel) on macOS Tahoe and related iOS/iPadOS versions. The issue could allow an app to leak sensitive kernel state via malicious content processed locally; attack vector is local with required user interaction and no privileges, and exploitation status...

CVSS 5.5 | AI score 5.7 | EPSS 0.00147
Exploits: 0 | References: 2 | Affected Software: 3

Positive Technologies
added 4 days ago | 6 views

PT-2026-53718

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 26.5.2, iPadOS versions prior to 26.5.2, macOS Tahoe versions prior to 26.5.2. Description: A kernel issue exists where an application may be able to leak sensitive kernel state. The problem is related to insufficient input...

CVSS 5.5 | AI score 6 | EPSS 0.00147
Exploits: 0 | References: 6

Tenable Nessus
added 2026/06/26 12:0 a.m. | 10 views

libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak

The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...

AI score 5.8
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/11 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth...

CVSS 5.3 | AI score 5.6 | EPSS 0.00218
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/01 12:0 a.m. | 9 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

AI score 5.8 | EPSS 0.00345
Exploits: 1 | References: 2

Positive Technologies
added 2026/06/01 12:0 a.m. | 14 views

PT-2026-45556

Name of the Vulnerable Software and Affected Versions: FlexRIC version 2.0.0. Description: A flaw allows a single SCTP connection to bind multiple xapp ids by sending multiple E42 SETUP REQUESTs. Upon disconnection, the system only cleans up resources for the first registered xapp id, leaving...

CVSS 8.2 | AI score 5.6 | EPSS 0.00345
Exploits: 1 | References: 4

Microsoft CVE
added 2026/05/14 8:3 a.m. | 10 views

cross-proxy Digest auth state leak

...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1

SUSE CVE
added 2026/05/07 2:18 a.m. | 7 views

SUSE CVE-2026-43104

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path. When vc4_save_hang_state encounters an early return condition, it returns without freeing the previously allocated kernel_state, leaking memory. Add the missing kfree calls by...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/06 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vc4: Fix memory leak of BO array in hang state. The hang state's BO array is allocated separately with kzalloc in vc4_save_hang_state but never freed in...

CVSS 5.5 | AI score 5.8 | EPSS 0.00114
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/01 12:0 a.m. | 124 views

libcurl 7.12.0 < 8.20.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 prior to 8.20.0. It is, therefore, affected by a cross-proxy digest auth state leak vulnerability: - libcurl improperly handles Digest authentication headers when reusing handles across different HTTP proxies. When a client switches fr...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 2

UbuntuCve
added 2026/04/29 12:0 a.m. | 6 views

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 2

OSV
added 2026/04/29 12:0 a.m. | 3 views

UBUNTU-CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00471
Exploits: 1 | References: 3

Tenable Nessus
added 2026/04/21 12:0 a.m. | 7 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011379 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state. Apparently no one noticed that mdp5 plane states leak...

CVSS 5.5 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/26 3:16 p.m. | 3 views

CVE-2026-28867

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state...

AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 1

NVD
added 2026/03/25 1:17 a.m. | 4 views

CVE-2026-28867

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state...

CVSS 6.2 | EPSS 0.00224
Exploits: 0 | References: 7

Vulnrichment
added 2026/03/25 12:31 a.m. | 3 views

CVE-2026-28867

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state...

AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 7

ATTACKERKB
added 2026/03/25 12:31 a.m. | 6 views

CVE-2026-28867

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state...

AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 8

Cvelist
added 2026/03/25 12:31 a.m. | 22 views

CVE-2026-28867

This issue was addressed with improved authentication. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to leak sensitive kernel state...

EPSS 0.00224
Exploits: 0 | References: 7

Github Security Blog
added 2026/03/03 12:39 a.m. | 6 views

OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state

Summary: The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE code_verifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions: - Package:...

AI score 5.9
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/03 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005625 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state. Apparently no one noticed that mdp5 plane states leak...

CVSS 5.5 | AI score 6.3 | EPSS 0.00136
Exploits: 0 | References: 4