
3953 matches found

EUVD
added 2026/06/25 4:33 a.m., 5 views

EUVD-2026-39168

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 2
Cvelist
added 2026/06/25 4:33 a.m., 42 views

CVE-2026-12635 Reliance on Reverse DNS Resolution for a Security-Critical Action in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

EPSS 0.00153
Exploits: 0 | References: 2
CVE
added 2026/06/25 4:33 a.m., 62 views

CVE-2026-12635

CVE-2026-12635 affects GitLab CE/EE prior to patch versions 18.11.6, 19.0.3, and 19.1.1. The root cause is improper URL validation that could allow an authenticated user with maintainer permissions to request internal network resources via mirror synchronization. The issue is documented across mu...

CVSS 3.1 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/25 12:0 a.m., 7 views

PT-2026-52199

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 18.11.5; GitLab CE/EE versions 19.0 through 19.0.2; GitLab CE/EE versions 19.1 through 19.1.0. Description: Improper URL validation in mirror synchronization allows an authenticated user with maintainer-role...

CVSS 3.1 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 6
Tenable Nessus
added 2026/06/25 12:0 a.m., 10 views

GitLab 8.3 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-12635)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an...

CVSS 3.1 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 4
EUVD
added 2026/06/24 6:32 p.m., 4 views

EUVD-2026-38892

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect. If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIG_INIT_ON_FREE_DEFAULT_ON=y: BUG: kernel NULL...

AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 3
EUVD
added 2026/06/24 6:32 p.m., 3 views

EUVD-2026-38888

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...

AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 3
Debian CVE
added 2026/06/24 5:52 p.m., 12 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

CVSS 9.8 | AI score 6 | EPSS 0.00701
Exploits: 0
NVD
added 2026/06/24 5:17 p.m., 7 views

CVE-2026-54906

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...

CVSS 9.8 | EPSS 0.0016
Exploits: 0 | References: 1
NVD
added 2026/06/24 5:17 p.m., 6 views

CVE-2026-53024

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect. If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIG_INIT_ON_FREE_DEFAULT_ON=y: BUG: kernel NULL...

CVSS 7.8 | EPSS 0.00129
Exploits: 0 | References: 2
CVE
added 2026/06/24 4:29 p.m., 7 views

CVE-2026-53024

Summary: CVE-2026-53024 affects the Linux kernel Greybus raw subsystem. A use-after-free can occur when a user writes to a chardev after disconnect, because gb_connection_destroy frees the connection object during disconnect and a subsequent write may access that freed object, potentially trigger...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 2
Cvelist
added 2026/06/24 4:29 p.m., 26 views

CVE-2026-53020 um: Fix potential race condition in TLB sync

In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing,...

CVSS 7.8 | EPSS 0.0012
Exploits: 0 | References: 2
AstraLinux
added 2026/06/24 3:11 p.m., 4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: There is a race condition where irq_work can be queued in bpf_ringbuf_commit(), but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sched_switch triggers bpf_ringbuf_commit(), whi...

AI score 6 | EPSS 0.00161
Exploits: 0 | References: 3
AstraLinux
added 2026/06/24 3:11 p.m., 2 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: ensure that ptp_rate is not set to 0 before configuring EST. If the value of ptp_rate, which was previously recorded in the driver, happens to be 0, this invalid value will be propagated up to the EST configuration,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00158
Exploits: 0 | References: 4
NVD
added 2026/06/24 8:16 a.m., 7 views

CVE-2026-52918

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize accept_q access. bt_sock_poll() walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

CVSS 8.8 | EPSS 0.00266
Exploits: 0 | References: 8
OSV
added 2026/06/24 8:16 a.m., 5 views

UBUNTU-CVE-2026-52925

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF. RCU readers that identified a net device as a VRF port using netif_is_l3_slave() assume that a subsequent call to netdev_master_upper_dev_get_rcu() will return a VRF device. They then...

AI score 5.7 | EPSS 0.00164
Exploits: 0 | References: 11
CVE
added 2026/06/24 7:14 a.m., 11 views

CVE-2026-52925

The CVE-2026-52925 entry relates to the Linux kernel VRF handling. The vulnerability arose from a race where an RCU reader identifying a net device as a VRF port could dereference l3mdev operations of a master device (e.g., a bridge) after netdev_master_upper_dev_get_rcu() returned it as a VRF de...

AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 8
CVE
added 2026/06/24 7:14 a.m., 7 views

CVE-2026-52918

The CVE-2026-52918 entry concerns a race in the Linux kernel Bluetooth subsystem. Specifically, bt_sock_poll() traverses the accept_q without proper synchronization, allowing a race between normal polling and child socket teardown which can drop the last reference on the same socket. The advisory...

CVSS 8.8 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 8
Positive Technologies
added 2026/06/24 12:0 a.m., 6 views

PT-2026-51885

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists between the pressure write operation and the cgroup file release process. This occurs because the priv member of the struct kernfs_open_file is not sufficiently...

CVSS 7.8 | AI score 5.9 | EPSS 0.00104
Exploits: 0 | References: 9
Positive Technologies
added 2026/06/24 12:0 a.m., 10 views

PT-2026-51914

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists during Translation Lookaside Buffer (TLB) synchronization, which is a process used to maintain consistency between the CPU cache and the main memory page tables. Th...

CVSS 7.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 4