Lucene search
K

4216 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42683

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS6AI score0.00173EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56906

Name of the Vulnerable Software and Affected Versions Mockoon versions prior to 9.7.0 Description The admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes and is enabled by default in shipped runtimes. The API lacks...

8.8CVSS6.2AI score0.00173EPSS
Exploits0References9
Cvelist
Cvelist
added last week25 views

CVE-2026-50179 Actual: CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS0.00286EPSS
Exploits0References3
CVE
CVE
added last week14 views

CVE-2026-50179

CVE-2026-50179 affects Actual Budget prior to version 26.6.0 where exportToCSV/exportQueryToCSV passed user-controlled Payee/Notes/Account/Category strings to csv-stringify without a cast callback, allowing formula prefixes (e.g., =, +, -, @, tab, CR) to survive in CSV cells. When opened in Excel...

4.2CVSS6AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-783 aptdaemon Information Disclosure via Improper Input Validation in Transaction class

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an...

4CVSS6AI score0.0048EPSS
Exploits1References8
OSV
OSV
added 2026/07/02 7:46 p.m.4 views

GHSA-HHM7-QRV5-H4R6 Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height non-finalized state is active. 3. The network has NU5 or later activated. All default configurations are affected. Summary Chain::push in the non-finalized sta...

5.9CVSS5.7AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.10 views

CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

5.5CVSS5.8AI score0.00179EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.8 views

SUSE CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

4.7CVSS5.8AI score0.00179EPSS
Exploits0References9
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:40 p.m.6 views

CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/26 11:16 a.m.4 views

UBUNTU-CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS5.8AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

5.7AI score0.00179EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/24 4:30 p.m.11 views

EUVD-2026-38990

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

5.8AI score0.00179EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 4:30 p.m.4 views

CVE-2026-53122 btrfs: fix deadlock between reflink and transaction commit when using flushoncommit

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

5.8AI score0.00179EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not log conflicting inodes if it’s a directory that was moved during the current transaction. We cannot log an conflicting inode if it’s a directory that was moved from one parent directory to another parent directory...

6AI score0.00168EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a deadlock in waitcurrenttrans due to an ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transactio...

5.8AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Unconditionally sets set-nelems before inserting an element. In the event that the set is full, a new element is inserted and then removed without waiting for the RCU grace period. Meanwhile, the RCU reader m...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: Fixed an issue where uninitialized waitqueues were present in the transaction manager. The initialization of the transaction manager in txInit did not properly initialize the TxBlock0.waitor waitqueue. This caused a crash wh...

5.9AI score0.00177EPSS
Exploits0References4
Rows per page
Query Builder