Lucene search
K

4663 matches found

Cvelist
Cvelist
added 2026/06/12 3:54 p.m.26 views

CVE-2026-7387 Mattermost group syncable endpoints allow privilege escalation via scheme_admin

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...

8.8CVSS0.00298EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 12:0 p.m.26 views

RUSTSEC-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.9 views

CVE-2026-49270

A flaw was found in Apache ActiveMQ. An unauthenticated attacker can exploit this vulnerability when brokers are configured with a network connector with syncDurableSubs set to true. By sending a BrokerInfo command, the attacker can receive a list of all durable topic subscriptions, including...

7.5CVSS5.6AI score0.00328EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 7:33 p.m.6 views

GHSA-QVV5-JQ5G-4CGG Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

9.3CVSS5.4AI score0.00018EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 7:33 p.m.13 views

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

5.4AI score0.00018EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.40 views

PT-2026-48544

Name of the Vulnerable Software and Affected Versions Baileys versions prior to 6.7.22 Baileys versions prior to 7.0.0-rc12 Description An authentication-bypass-by-spoofing flaw allows a remote unauthenticated attacker to send a maliciously crafted protocolMessage payload via the...

9.3CVSS5.7AI score0.00018EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1CVSS5.4AI score0.00182EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 8:1 a.m.10 views

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

...

7.8CVSS5.4AI score0.0014EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.8 views

X.Org Server SyncAwaitFence Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.8CVSS6AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 4:17 p.m.11 views

EUVD-2026-35129

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

6.5CVSS5.4AI score0.00244EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:50 p.m.6 views

CVE-2026-46314

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...

5.4AI score0.00157EPSS
Exploits0References5Affected Software1
The Hacker News
The Hacker News
added 2026/06/08 10:27 a.m.16 views

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET aka GRIMBOLT and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks...

10CVSS8.1AI score0.13131EPSS
Exploits1
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: xorg-x11-server

Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...

7.8CVSS6AI score0.00165EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: xorg-x11-server-Xwayland

Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...

7.8CVSS6AI score0.00165EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47385

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A local user can cause an infinite loop in the kernel context by crafting a self-referential extension where ext-next == &ext with zero in sync count and out sync count. This occurs...

9.8CVSS5.2AI score0.00457EPSS
Exploits1References73
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.13 views

TencentOS Server 4: xorg-x11-server (TSSA-2026:0294)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0294 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.8CVSS5.6AI score0.0038EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : xorg-x11-server, --advisory ALAS2-2026-3336 (ALAS-2026-3336)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3336 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

7.8CVSS7.4AI score0.00485EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.19 views

CVE-2026-2500

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

4.4CVSS5.4AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 4:48 a.m.9 views

CVE-2026-11034

An insufficient validation of untrusted input flaw was found in the Tab Group Sync component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497934980...

8.1CVSS5.4AI score0.00182EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.9 views

SUSE CVE-2026-11034

Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

6.1CVSS5.6AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder