Lucene search
K

1297 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.14 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : OpenEXR vulnerabilities (USN-8259-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8259-1 advisory. Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when...

8.8CVSS6.2AI score0.00482EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.28 views

Ubuntu 24.04 LTS : Linux kernel (Xilinx) vulnerabilities (USN-8261-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8261-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the...

9.8CVSS6.7AI score0.00812EPSS
Exploits15References609
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Debian dla-4575 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4575 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4575-1 [email protected]...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/05/08 8:23 p.m.16 views

Wagtail has improper permission handling when copying pages

Impact A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. Patche...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References4Affected Software1
Debian
Debian
added 2026/05/07 7:59 a.m.12 views

[SECURITY] [DLA 4570-1] libdatetime-timezone-perl new timezone database

------------------------------------------------------------------------- Debian LTS Advisory DLA-4570-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 07, 2026 https://wiki.debian.org/LTS -...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.10 views

Debian dla-4569 : tzdata - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4569 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4569-1 [email protected] https://www.debian.org/lts/security/...

5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 8:57 p.m.7 views

Cross-site Scripting (XSS)

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the run process in the admin panel's import/export data flow profiles. An attacker can execute arbitrary scrip...

6.1CVSS5.8AI score0.00258EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.11 views

SUSE CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References7
OSV
OSV
added 2026/05/05 7:34 p.m.4 views

GHSA-8RM2-7QQF-34QM Prometheus: Remote read endpoint allows denial of service via crafted snappy payload

Impact The remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References7
OSV
OSV
added 2026/05/05 3:51 p.m.8 views

JLSEC-2026-453

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable...

7.8CVSS6.9AI score0.00923EPSS
Exploits1References23
Talos Blog
Talos Blog
added 2026/05/05 10:0 a.m.12 views

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

8.8CVSS7.4AI score0.28261EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.8 views

ROS-20260505-73-0003

Vulnerability in zabbix7-lts related to argument injection or modification. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands...

6.1CVSS6.1AI score0.00251EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.7 views

Trojan Hippo: Weaponizing Agent Memory for Data Exfiltration

Memory systems enable otherwise-stateless LLM agents to persist user information across sessions, but also introduce a new attack surface. We characterize the Trojan Hippo attack, a class of persistent memory attacks that operates in a more realistic threat model than prior memory poisoning work:...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when...

7.8CVSS7AI score0.00129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 11:17 p.m.8 views

CVE-2026-31773

A flaw was found in the Linux kernel's Bluetooth Security Manager Protocol SMP. The system incorrectly labels a Short Term Key STK as authenticated during legacy pairing, even when Man-in-the-Middle MITM protection was not established. This misrepresentation of the key's authentication status cou...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/01 4:55 p.m.5 views

CVE-2026-43020

A flaw was found in the Linux kernel's Bluetooth management MGMT component. An attacker could exploit a vulnerability in how Long Term Keys LTK are loaded. By providing an oversized encryption size, a stack buffer overflow can occur, potentially leading to a denial of service...

7.8CVSS6AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.32 views

CVE-2026-43020 Bluetooth: MGMT: validate LTK enc_size on load

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

0.00129EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/01 2:15 p.m.8 views

EUVD-2026-26619

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

5.9AI score0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/05/01 2:15 p.m.30 views

CVE-2026-43020

CVE-2026-43020 concerns the Linux kernel Bluetooth MGMT path: load-time Long Term Keys can overflow a fixed-size stack buffer if enc_size exceeds the 16-byte key buffer. The root cause is validation of enc_size not rejecting oversized values during management LTK record validation, allowing inval...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.6 views

CVE-2026-43020

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK encsize on load Load Long Term Keys stores the user-provided encsize and later uses it to size fixed-size stack operations when replying to LE LTK requests. An encsize larger than the 16-byte key...

5.9AI score0.00129EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder