Lucene search
K

1310 matches found

EUVD
EUVD
added 2026/04/24 2:42 p.m.5 views

EUVD-2026-25515

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digitalinrecvsddres appends 3 or 4 bytes to target-nfcid1 on each round, but the number of cascade rounds is controlled...

5.4AI score0.00281EPSS
Exploits0References4
CVE
CVE
added 2026/04/24 2:42 p.m.40 views

CVE-2026-31622

Summary (CVE-2026-31622): In the Linux kernel NFC digital subsystem, the NFC‑A cascade depth handling in digital_in_recv_sdd_res() could allow a malicious peer to keep sending cascade responses, causing writes past the allocated nfc_target buffer (heap overflow) by exceeding the cascade depth. Th...

8.8CVSS5.4AI score0.00281EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34974

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the NFC-A anti-collision cascade within the digital in recv sdd res function. The process appends 3 or 4 bytes to target-nfcid1 during each round, but the number of roun...

8.8CVSS5.8AI score0.00281EPSS
Exploits0
CVE
CVE
added 2026/04/22 4:8 p.m.21 views

CVE-2026-35371

CVE-2026-35371 concerns the id utility in the uutils coreutils package. The vulnerability arises in the pretty print mode, where the tool incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This causes the output to misreport the i...

3.3CVSS5.8AI score0.00123EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:15 p.m.4 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/10 6:15 p.m.3 views

EUVD-2026-21541

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/10 3:34 p.m.6 views

Vikunja Missing Authorization on CalDAV Task Read

Summary The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or guesses a task UID can read the full task data from any project on the...

4.3CVSS5.9AI score0.00216EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.7 views

SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for shadow (SUSE-SU-SUSE-RU-2026:1228-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-SUSE-RU-2026:1228-1 advisory. shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41...

5.5CVSS7.3AI score0.00308EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/04/08 1:55 p.m.21 views

CVE-2025-58713 Rhpam: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS0.00145EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:55 p.m.1 views

CVE-2025-57854

A container privilege escalation flaw was found in certain OpenShift Update Service OSUS images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev...

6.4CVSS6AI score0.00145EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:55 p.m.3 views

CVE-2025-57853 Web-terminal: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.1AI score0.00158EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 1:55 p.m.12 views

CVE-2025-57854

The CVE-2025-57854 issue affects OpenShift Update Service (OSUS) images where the /etc/passwd file is created with group-writable permissions during build. Under certain conditions, a non-root user who can run commands in an affected container could leverage membership in the root group to modify...

6.4CVSS6AI score0.00145EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:55 p.m.2 views

CVE-2025-57851

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS6.1AI score0.00113EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:55 p.m.3 views

CVE-2025-57851 Mce: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected containe...

6.4CVSS6.1AI score0.00113EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 8:26 a.m.27 views

CVE-2026-29133 UID Regex Bypass

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address...

5.3CVSS0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:24 p.m.1 views

CVE-2026-33528

GoDoxy is a reverse proxy and container orchestrator for self-hosters. Prior to version 0.27.5, the file content API endpoint at /api/v1/file/content is vulnerable to path traversal. The filename query parameter is passed directly to path.Joincommon.ConfigBasePath, filename where ConfigBasePath =...

6.5CVSS5.8AI score0.00502EPSS
Exploits1References4Affected Software1
The Hacker News
The Hacker News
added 2026/03/17 5:23 a.m.6 views

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 CVSS score: 4.3, is an information...

10CVSS7.9AI score0.95343EPSS
Exploits24
VulnCheck KEV
VulnCheck KEV
added 2026/03/16 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-47813

loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie...

4.3CVSS5.8AI score0.56366EPSS
In wildExploits24References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:14 p.m.4 views

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

7.5CVSS5.9AI score0.00211EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/13 7:53 p.m.5 views

CVE-2025-57849

A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...

6.4CVSS0.00208EPSS
Exploits0References2
Rows per page
Query Builder