3946 matches found

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Timers for kernel sockets are properly terminated. We received various reports from syzbot that indicated that TCP timers would still fire even after the corresponding netns has been dismantled. Fortunately, Josef Bacik was...

5.8 CVSS | 6.1 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ftrace: Fixed a use-after-free issue related to dynamic ftrace_ops. KASAN reported a use-after-free when using ftrace. It was discovered that perf registered two ftrace operations with the same content, both being dynamic. Afte...

7.8 CVSS | 6.2 AI score | 0.00188 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/06/19 5:3 a.m., 6 views

Incorrect Synchronization

Overview Affected versions of this package are vulnerable to Incorrect Synchronization in the doProlog function in xmlparse.c due to improper handling of scaffold backing array reallocation when data structures are shared across multiple parsers. An attacker can achieve arbitrary code execution o...

7.5 CVSS | 6.6 AI score | 0.00088 EPSS
Exploits: 0 | References: 2

NVD
added 2026/06/18 2:17 p.m., 10 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9 CVSS | 0.00095 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/06/18 1:46 p.m., 6 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9 CVSS | 5.2 AI score | 0.00095 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/06/18 1:46 p.m., 14 views

CVE-2026-42487 x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

0.00095 EPSS
Exploits: 0 | References: 1

Debian CVE
added 2026/06/18 1:46 p.m., 8 views

CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9 CVSS | 5.2 AI score | 0.00095 EPSS
Exploits: 0

EUVD
added 2026/06/18 1:46 p.m., 9 views

EUVD-2026-37888

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9 CVSS | 5.3 AI score | 0.00095 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/18 1:46 p.m., 47 views

CVE-2026-42487

CVE-2026-42487 concerns the Xen hypervisor’s handling of x86 HVM I/O port list traversal. The root cause stated in the sources is that traversal of the linked list used for guest I/O port accesses requires synchronization with updates to the translation/mapping (XEN_DOMCTL_ioport_mapping), but th...

7.9 CVSS | 5.2 AI score | 0.00095 EPSS
Exploits: 0 | References: 3

CVE
added 2026/06/17 8:33 p.m., 16 views

CVE-2026-48821

Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...

5.8 CVSS | 5.3 AI score | 0.0013 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2026/06/16 1:39 p.m., 7 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8 CVSS | 5.5 AI score | 0.01782 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2026/06/15 10:18 a.m., 11 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8 CVSS | 5.5 AI score | 0.01782 EPSS
Exploits: 0 | References: 6

GithubExploit
added 2026/06/14 7:26 p.m., 80 views

VulnPilot

VulnPilot VulnPilot is an automation framework for vulnerabil...

5.4 AI score
Exploits: 0

GithubExploit
added 2026/06/14 4:27 p.m., 67 views

lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

5.4 AI score
Exploits: 0

Positive Technologies
added 2026/06/12 12:0 a.m., 13 views

PT-2026-48939

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.6.0 through 11.6.1 Mattermost versions 11.5.0 through 11.5.4 Mattermost versions 10.11.0 through 10.11.16 Description Insufficient sanitization of the FileInfo.Name variable received from federated peers during shared...

7.6 CVSS | 6 AI score | 0.00294 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/12 12:0 a.m., 13 views

PT-2026-49058

Name of the Vulnerable Software and Affected Versions gorest affected versions not specified Description A race condition exists in the InMemorySecret2FA in-memory 2FA secret store due to the use of a bare Go map without proper synchronization. Multiple HTTP handlers concurrently read from, write...

5.9 CVSS | 5.9 AI score | 0.00051 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/12 12:0 a.m., 11 views

Xen: x86 HVM I/O Port List Traversal (XSA-491)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9 CVSS | 5.8 AI score | 0.00095 EPSS
Exploits: 0 | References: 2

RustSec
added 2026/06/11 12:0 p.m., 9 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

`PyCFunction::new_closure` and the temporary `new_closure_bound` complement in the 0.21–0.22 series required the supplied closure to be `Send + 'static` but not `Sync`. The resulting `PyCFunction` is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5 AI score
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2026/06/11 11:44 a.m., 11 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8 CVSS | 5.6 AI score | 0.01782 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2026/06/11 10:5 a.m., 7 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8 CVSS | 5.6 AI score | 0.01782 EPSS
Exploits: 0 | References: 6