
158 matches found

OSV
added 2026/06/23 5:17 p.m. | 3 views

UBUNTU-CVE-2026-56114

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

CVSS 6.5 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/21 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-70102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, t...

CVSS 6.3 | AI score 6 | EPSS 0.00169
Exploits: 0 | References: 4

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.6.3 and earlier contain a use-after-free in the VDec::VDec component at /sql/sqltype.cc...

CVSS 7.5 | AI score 7.6 | EPSS 0.02125
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and below contains a segmentation fault through the component sql/itemfunc.cc:148...

CVSS 7.5 | AI score 7.5 | EPSS 0.02211
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB before version 10.6.2 allows an application to crash due to improper handling of a pushdown from a HAVING clause to a WHERE clause...

CVSS 5.5 | AI score 7.1 | EPSS 0.00391
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Mariadb 10.3

It was discovered that MariaDB v10.7 contains a use-after-poison issue in the interceptormemset function located at /libsanitizer/sanitizercommon/sanitizercommoninterceptors.inc...

CVSS 7.5 | AI score 7.4 | EPSS 0.02082
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.43 and earlier, 8.0.34 and earlier, and 8.1.0 and earlier. This easily exploitable vulnerability allows a high-privilege attacker with network access via multiple protocols to...

CVSS 4.9 | AI score 5.7 | EPSS 0.01782
Exploits: 0 | References: 2

EUVD
added 2026/06/09 4:9 p.m. | 15 views

EUVD-2026-35496

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

CVSS 7.2 | AI score 5.4 | EPSS 0.00213
Exploits: 0 | References: 2

RedHat Linux
added 2026/06/08 5:43 p.m. | 14 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

CVSS 10 | AI score 6.4 | EPSS 0.01557
Exploits: 7 | References: 9

CVE
added 2026/05/27 5:27 p.m. | 40 views

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...

CVSS 7.1 | AI score 5.9 | EPSS 0.00302
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 11 views

PT-2026-40315

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

CVSS 8.6 | AI score 6 | EPSS 0.0015
Exploits: 0 | References: 6

Fedora
added 2026/04/25 1:55 a.m. | 7 views

[SECURITY] Fedora 44 Update: qt6-qtdatavis3d-6.10.3-1.fc44

Qt Data Visualization module provides multiple graph types to visualize data in 3D space both with C++ and Qt Quick 2...

AI score 5.3
Exploits: 0

UbuntuCve
added 2026/04/17 12:0 a.m. | 8 views

CVE-2026-40192

Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attacks. A specially crafted FITS file could cause unbounded memory consumption, leading to denial of...

CVSS 8.7 | AI score 5.7 | EPSS 0.00671
Exploits: 0 | References: 4

NVD
added 2026/04/15 11:16 a.m. | 11 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

CVSS 7.5 | EPSS 0.00544
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/15 10:54 a.m. | 5 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

AI score 5.8 | EPSS 0.00544
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/04/10 4:39 p.m. | 13 views

CVE-2026-40100

CVE-2026-40100 affects FastGPT prior to version 4.14.10.3. The /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication; the internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP is true (not the default), enabling unauthenticated SSR...

CVSS 5.3 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2026/04/08 12:0 a.m. | 4 views

GitLab 12.10 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1092)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause...

CVSS 7.5 | AI score 7.4 | EPSS 0.00552
Exploits: 0 | References: 5

UbuntuCve
added 2026/04/02 6:16 p.m. | 10 views

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

CVSS 8.1 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 3

NVD
added 2026/04/02 5:16 p.m. | 2 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 3

OSV
added 2026/04/02 5:16 p.m. | 11 views

DEBIAN-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

CVSS 8.1 | AI score 5.2 | EPSS 0.00419
Exploits: 0 | References: 1