Lucene search
K

1601 matches found

EUVD
EUVD
added 6 days ago8 views

EUVD-2026-24992

install: TOCTOU symlink race unlink-then-create without OEXCL allows arbitrary file overwrite...

6.3CVSS6AI score0.00118EPSS
Exploits1References5
OSV
OSV
added 2026/07/02 12:0 a.m.4 views

UBUNTU-CVE-2026-53333

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

5.7AI score0.00154EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist ...

6AI score0.00154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.3 views

Vim 9.2.0320 < 9.2.0679 Out-of-Bounds Read (GHSA-ww8h-47xp-hp4w)

The version of Vim installed on the remote host is between 9.2.0320 and 9.2.0679 exclusive. It is, therefore, affected by a vulnerability. - A crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays...

6.8CVSS5.9AI score0.00119EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 8:7 p.m.6 views

CVE-2026-53333

A flaw was found in the Linux kernel's memory management mm/mincore. This vulnerability occurs when handling non-swap memory entries, particularly in systems configured without swap. An issue in the mincorepterange function can cause the system to incorrectly report certain memory pages as...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 3:16 p.m.6 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS0.00055EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:7 p.m.36 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:7 p.m.5 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.7 views

CVE-2026-53333

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

5.7AI score0.00154EPSS
Exploits0
CVE
CVE
added 2026/07/01 1:32 p.m.14 views

CVE-2026-53333

The CVE-2026-53333 entry describes a Linux kernel vulnerability in mm/mincore where mincore_pte_range() could spuriously WARN and report nonresident pages on !CONFIG_SWAP kernels due to the !IS_ENABLED(CONFIG_SWAP) guard running before certain non-swap entries are checked. The fix moves the guard...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40967

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

5.8AI score0.00154EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/30 3:40 p.m.23 views

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. "The...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/29 7:50 p.m.5 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

7.8CVSS7AI score0.0013EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.11 views

EulerOS 2.0 SP15 : vim (EulerOS-SA-2026-2513)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

8.2CVSS7.5AI score0.01162EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : vim (EulerOS-SA-2026-2472)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on...

8.2CVSS7.5AI score0.01162EPSS
Exploits0References10
NVD
NVD
added 2026/06/26 9:16 p.m.8 views

CVE-2026-52885

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/26 8:19 p.m.37 views

CVE-2026-52885 Notepad++ TOCTOU: HMAC Checks Disk, Executes from Memory

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires Time-of-Check. However, the command payload is taken from the in-memory userCommands vector, which is populated at application...

7.5CVSS0.00129EPSS
Exploits2References2
CVE
CVE
added 2026/06/26 8:19 p.m.38 views

CVE-2026-52885

Notepad++ Notepad++ v8.9.6.4 fixes a TOCTOU vulnerability (CVE-2026-52885) where the on-disk HMAC of shortcuts.xml is checked at trigger time while the command payload is loaded into memory at startup and never synchronized. An attacker with write access to shortcuts.xml can plant a malicious fil...

7.5CVSS6AI score0.00129EPSS
Exploits2References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 5:20 p.m.11 views

CVE-2026-57454

A flaw was found in Vim, an open source command-line text editor. A local attacker could exploit this vulnerability by providing a specially crafted undo or swap file. When Vim processes this file, an out-of-bounds read occurs, which can lead to the disclosure of sensitive information from memory...

6.8CVSS5.7AI score0.00119EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5668 Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker

Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker...

6.1CVSS6AI score0.00108EPSS
Exploits0References2
Rows per page
Query Builder