Lucene search
K

1693 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...

5.2AI score0.00166EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In media: iris: gen2, a sanity check for session termination was added. In iriskillsession, inst-state is set to IRISINSTERROR, and sessionclose is executed, which will free memory allocated to insthfigen2-packet. If stopstreamin...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: kthread: Unpark only parks kthreads. Calling kthreadunpark unconditionally is mostly harmless when the kthread is already unparked. In that case, the wake-up call is simply ignored because the task is not in the TASKPARKED state...

5.5CVSS6.2AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations The vfio core checks whether the driver sets certain migration operations e.g., setstate/getstate, and accordingly calls those operations. However, currently, the ml...

5.5CVSS6.4AI score0.0014EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:0 a.m.12 views

Malicious code in code-tool-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13591fd81486fc2001b5c998ff87badefcb81f4c396aa43675a7280a6fed23cf The package installs a Claude Code Stop hook and patches OpenCode plugin code so that every future AI session's user prompts, assistant responses, to...

5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-43412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components...

5.5CVSS6AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021645 advisory. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthreadstop may prevent the threadfn from eve...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References4
OSV
OSV
added 2026/05/16 1:33 a.m.13 views

CLSA-2026-1778895199 Fix CVE(s): CVE-2024-50602

SECURITY UPDATE: Crash in XMLResumeParser because XMLStopParser can stop/suspend an unstarted parser - debian/patches/CVE-2024-50602.patch: make XMLStopParser refuse to stop/suspend an unstarted parser - CVE-2024-50602...

5.9CVSS5.8AI score0.0104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:18 p.m.7 views

CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:18 p.m.12 views

CVE-2026-45399

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 7:18 p.m.29 views

CVE-2026-45399

Open WebUI CVE-2026-45399 describes a broken authorization gap in multi-user deployments: before release 0.9.0, authenticated, low-privilege users could enumerate and stop global background tasks via GET /api/tasks and POST /api/tasks/stop/{task_id}, impacting integrity and availability across us...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 7:18 p.m.66 views

CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST...

7.1CVSS0.0027EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in the GET /api/tasks and POST /api/tasks/stop/taskid...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/14 8:26 p.m.10 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the GET /api/tasks and POST /api/tasks/stop/taskid endpoints, which lack proper ownership checks. An attacker can enumerate and terminate background tasks belonging to other users by...

7.1CVSS5.8AI score0.0027EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/13 3:34 a.m.10 views

SUSE CVE-2026-43412

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...

5.8AI score0.00123EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 11:56 p.m.12 views

Malicious code in @tanstack/router-devtools-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb87d1d0c584c5a4a5081a2823f9791c367b90702417bfee06d31e57856c1535 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/08 10:46 p.m.8 views

CVE-2026-43412

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA System on Chip ASoC subsystem, specifically within the Qualcomm qcom qdsp6 audio driver. During the stop and start process of the Audio Digital Signal Processor ADSP, an incorrect order of component removal can occur...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28611

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix locking/synchronization error Syzbot testing was able to provoke an addressing exception and crash in the usbgadgetudcreset routine in drivers/usb/gadgets/udc/core.c, resulting from the fact that the routine w...

5.8AI score0.00095EPSS
Exploits0References9
NVD
NVD
added 2026/05/08 3:16 p.m.18 views

CVE-2026-43412

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components are removed. On ADSP stop, the q6apm-audio .remove callback unloads...

5.5CVSS0.00123EPSS
Exploits0References6
CVE
CVE
added 2026/05/08 2:21 p.m.21 views

CVE-2026-43412

CVE-2026-43412 pertains to the Linux kernel ASoC Qualcomm qdsp6 driver. The root cause is an incorrect removal order during ADSP stop/start, where q6apm-audio teardown can delete RTDs containing q6apm DAI components before their removal pass, leaving components linked to the card and causing a cr...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder