Lucene search
+L

631 matches found

redhatcve
redhatcve
added 2026/06/25 9:55 p.m.8 views

CVE-2026-52993

A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...

9.8CVSS6.2AI score0.00359EPSS
Exploits0References4
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ntb: ntbhwswitchtec: Fixed array-index-out-of-bounds access The number of MW LUTs depends on the NTB configuration and can be set to MAXMWS. This patch prevents invalid index out-of-bounds access to mwsizes. When an invalid acces...

7.1CVSS5.7AI score0.00126EPSS
Exploits0References2
osv
osv
added 2026/06/18 8:10 p.m.8 views

GHSA-CWPP-5962-Q4F6 OpenClaw: Exec allowlist could miss side effects from transparent command wrappers

Summary Exec allowlist could miss side effects from transparent command wrappers. In affected versions, a command request that reaches the exec allowlist path could be evaluated against the inner command while the wrapper invocation still executed. This advisory is scoped to the named feature and...

4.3CVSS5.7AI score0.00185EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/17 7:13 p.m.26 views

CVE-2026-55202 Tinyproxy - Stathost Detection Bypass via Host Header Manipulation

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS0.00335EPSS
Exploits0References3
euvd
euvd
added 2026/06/17 7:13 p.m.15 views

EUVD-2026-37786

Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly validate the Host header during stathost detection, allowing unauthenticated attackers to access the stats page by injecting a matching Host header or bypass detection via port manipulation. Remote attackers can trigger...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References3
cve
cve
added 2026/06/16 6:4 p.m.24 views

CVE-2026-53848

OpenClaw CVE-2026-53848 affects OpenClaw prior to 2026.5.26. It describes an exec allowlist bypass where authenticated operators can craft command requests that bypass allowlist validation by using transparent command wrappers to cause wrapper-level side effects outside the intended commands. The...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/16 6:4 p.m.3 views

CVE-2026-53848 OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers

OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects outside allowlisted command intent. Attackers can craft command requests that bypass allowlist validation by leveraging transparent command wrappers to...

2.3CVSS6AI score0.00185EPSS
Exploits0References5
thn
thn
added 2026/06/02 9:5 a.m.12 views

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP...

6AI score
Exploits0
osv
osv
added 2026/06/01 12:0 a.m.10 views

PUB-A-463414629

In NrmmMsgCodec::DecodeUPUTransparentContext of cnNrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed. User interaction is not needed fo...

6.5CVSS5.9AI score0.00253EPSS
Exploits0References1
wordfence
wordfence
added 2026/05/29 4:23 p.m.31 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score
Exploits0
redhat
redhat
added 2026/05/28 2:21 a.m.15 views

kernel: mm: thp: deny THP for files on anonymous inodes

A flaw was found in the Linux kernel's Transparent Huge Pages THP mechanism. This vulnerability occurs because the filethpenabled function incorrectly allows THP for files on anonymous inodes, which are not designed for this feature. An attacker could potentially exploit this by manipulating...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References5
osv
osv
added 2026/05/28 12:0 a.m.18 views

ALSA-2026:21557 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: j1939: j1939sessionnew: fix skb reference counting CVE-2024-56645 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183 kernel: mm: thp: deny...

9.4CVSS6.8AI score0.00591EPSS
Exploits0References38
euvd
euvd
added 2026/05/27 12:56 p.m.12 views

EUVD-2026-32306

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allowlink fails or when .droplink is performed. Remove t...

5.8AI score0.00123EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm: thp: Deny THP for files on anonymous inodes The filethpenabled function incorrectly allows THP for files on anonymous inodes e.g., guestmemfd and secretmem. These files are created using allocfilepseudo, which does not cal...

5.5CVSS5.9AI score0.00119EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: Prevent poison consumption when splitting THP When performing memory error injection on a THP Transparent Huge Page mapped to user space on an x86 server, the kernel panics with the following trace. The expected behavior woul...

6.2AI score0.00186EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem, swap: fixed the soft lockup issue with mTHP swapin. The following soft lockup can be easily reproduced on my test machine using the following command: echo always...

5.5CVSS6AI score0.00094EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...

5.5CVSS5.3AI score0.00137EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VMEXEC. The intended use case is to avoid TLB misses f...

5.5CVSS5.8AI score0.0021EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NTB: Fixed a possible name leak in ntbregisterdevice. If deviceregister fails in ntbregisterdevice, the device name allocated by devsetname should be freed. According to the comment in deviceregister, callers should use putdevice...

5.5CVSS6.2AI score0.00273EPSS
Exploits0References2
susecve
susecve
added 2026/05/12 3:47 a.m.9 views

SUSE CVE-2025-38241

In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always /sys/kernel/mm/transparenthugepage/hugepages-64kB/enabled swapon /dev/zram0 zram0 is a 48G swap...

5.5CVSS7.2AI score0.00094EPSS
Exploits0References3
Rows per page
Query Builder