Lucene search
+L

54 matches found

OSV
OSV
added 2026/06/23 4:11 p.m.9 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:16 p.m.13 views

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver elFinderVolumeMySQL allows any logged-in user, including users with read-only access to the affected volume, to...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.15 views

elFinder SQL注入漏洞

ElFinder is an open-source web file manager developed by Studio 42. Versions of ElFinder prior to 2.1.68 contained a SQL injection vulnerability. This vulnerability stemmed from an SQL injection flaw in the MySQL volume driver, allowing any logged-in user to inject SQL statements through a...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile does not initialize the aiocmd-iocb for the kiwritestream. When the writecommand fdexecuterwaio is executed, we may receive an invalid value for kiwritestream,...

7.5CVSS6.3AI score0.00358EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-017541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017541 advisory. An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it...

5.3CVSS6.8AI score0.02622EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.20 views

SUSE CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.10 views

SUSE CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

7.5CVSS5.7AI score0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.8 views

CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

2.5CVSS5.8AI score0.00079EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 11:25 a.m.5 views

CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

2CVSS6AI score0.00079EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio ...

7.5CVSS7AI score0.00358EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 7:7 p.m.8 views

CVE-2026-43055

A flaw was found in the Linux kernel's SCSI target file module. When a write command is executed, the aiocmd-iocb for the kiwritestream is not initialized. This can lead to an incorrect kiwritestream value, causing unintended write failures in the block device. This vulnerability can result in a...

7.5CVSS5.8AI score0.00358EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 3:16 p.m.6 views

CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

7.5CVSS0.00358EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.2 views

CVE-2026-43055

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

5.7AI score0.00358EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/01 2:15 p.m.5 views

EUVD-2026-26654

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

5.7AI score0.00358EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 2:15 p.m.2 views

CVE-2026-43055 scsi: target: file: Use kzalloc_flex for aio_cmd

In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzallocflex for aiocmd The targetcorefile doesn't initialize the aiocmd-iocb for the kiwritestream. When a write command fdexecuterwaio is executed, we may get a bogus kiwritestream value, causing unintend...

7.5CVSS6.5AI score0.00358EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35364 uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References1
Metasploit
Metasploit
added 2026/01/14 6:54 p.m.319 views

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/armle/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/14 9:53 a.m.4 views

kernel: smb: client: fix race with concurrent opens in rename(2)

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename2 Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as well as marking all...

4.7CVSS5.7AI score0.00101EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/14 12:26 a.m.4 views

kernel: smb: client: fix race with concurrent opens in rename(2)

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename2 Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as well as marking all...

4.7CVSS5.7AI score0.00101EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/01/01 6:11 p.m.180 views

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

MongoBleed CVE-2025-14847 – Vulnerability Checker Systemhaus Sc...

8.7CVSS6.7AI score0.83007EPSS
Exploits39
Rows per page
Query Builder