Lucene search
K

5771 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Bonding: Annotate the data races around slave-lastrx. slave-lastrx and slave-targetlastarprx... can be read and written without locking. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: Data race in...

4.7CVSS5.8AI score0.00086EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: target: The ttaskcdb pointer is reset in the error case. If the allocation of cmd-ttaskcdb fails, it remains NULL, but it is later referenced in the ‘err’ path. In case of an error, the NULL ttaskcdb value is reset to point...

5.9AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 1:10 p.m.6 views

OESA-2026-2702 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 1:10 p.m.14 views

OESA-2026-2701 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 1:10 p.m.5 views

OESA-2026-2700 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

6.5CVSS7.1AI score0.00285EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 4:17 p.m.23 views

CVE-2026-55568

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...

5.9CVSS0.00106EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 4:11 p.m.7 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
CVE
CVE
added 2026/06/23 3:35 p.m.14 views

CVE-2026-56694

NanoClaw

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 10:16 p.m.3 views

DEBIAN-CVE-2026-44889

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:30 p.m.55 views

CVE-2026-44889

WebOb (HTTP request/response utilities) is affected prior to version 1.8.10 by an open redirect in Location header normalization during redirects. The vulnerability arises from how WebOb uses urljoin/urlsplit to combine the redirect target with the request URL; since Python 3.10, urlsplit strips ...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.5 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:41 p.m.4 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.8 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.8AI score0.00292EPSS
Exploits0References8
Metasploit
Metasploit
added 2026/06/19 7:3 p.m.240 views

Joplin Plugin Persistence

This module installs a malicious Joplin plugin .jpl into the target's Joplin plugin directory. The plugin executes the payload each time Joplin is launched, providing persistent code execution. Joplin can not be running at the time of plugin installation, or it will be overwriten at shutdown. The...

6AI score
Exploits0
NVD
NVD
added 2026/06/19 2:16 p.m.14 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

In the drivers/target/targetcorexcopy.c file within the Linux kernel, prior to version 5.10.7, insufficient identifier checking in the LIO SCSI target code could be exploited by remote attackers to read or write files through directory traversal in an XCOPY request, known as CID-2896c93811e3. For...

8.1CVSS6.6AI score0.06563EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51047

Name of the Vulnerable Software and Affected Versions py7zr version 1.1.0 Description An arbitrary file write issue exists when using the extractall function to extract an archive. The software fails to properly restrict the targets of symbolic links, allowing crafted malicious symbolic link chai...

8CVSS6.3AI score0.00404EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.8 views

Oracle Enterprise Manager Cloud Control (June 2026 CSPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Target...

9.9CVSS6.7AI score0.0086EPSS
Exploits1References22
NVD
NVD
added 2026/06/18 1:25 p.m.14 views

CVE-2026-8811

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS0.00319EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:5 a.m.22 views

CVE-2026-8811 Path traversal in PDF generation module

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to create new files outside the intended directory, potentially placing files in web-accessible locations...

7.1CVSS0.00319EPSS
Exploits0References1
Rows per page
Query Builder