Lucene search
K

13303 matches found

EUVD
EUVD
added 2026/06/25 9:22 p.m.7 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-56788

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

7.1CVSS0.00119EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:16 p.m.3 views

UBUNTU-CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/25 6:13 p.m.5 views

EUVD-2026-39530

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

4.8CVSS5.9AI score0.00119EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 6:13 p.m.14 views

CVE-2026-56788

RTKLIB 2.4.3 is affected by an out-of-bounds read in getcodepri when processing unrecognized RINEX observation codes. Crafted RINEX files with unknown observation types trigger negative indexing into the codepris table, causing reliable crashes and potential memory disclosure of adjacent global d...

7.1CVSS5.9AI score0.00119EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 6:13 p.m.33 views

CVE-2026-56788 RTKLIB 2.4.3 - Out-of-bounds Read via Negative Array Index in getcodepri

RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted RINEX files with unknown observation types cause negative array indexing into the codepris table,...

4.8CVSS0.00119EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 5:46 p.m.29 views

CVE-2026-54089 File Browser: Authentication Bypass via Proxy Auth Header Forgery

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS0.00337EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:46 p.m.6 views

CVE-2026-54089

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with proxy authentication auth.method=proxy, any unauthenticated attacker who can reach the server...

9.1CVSS5.8AI score0.00337EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53262

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

7.8CVSS0.00125EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39213

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

5.8AI score0.00125EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.29 views

CVE-2026-53262 l2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()

In the Linux kernel, the following vulnerability has been resolved: l2tp: pppol2tp: hold reference to session in pppol2tpioctl pppol2tpioctl read sock-sk-skuserdata directly without any locks or reference counting. If a controllable sleep was induced during copyfromuser e.g. via a userfaultfd pag...

7.8CVSS0.00125EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52537

Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0-rc.1 and later Description When configured with proxy authentication auth.method=proxy, the software improperly trusts upstream identity headers without validating that requests originate from a trusted proxy. An...

9.1CVSS5.7AI score0.00337EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to...

7CVSS6.2AI score0.0014EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/24 2:36 a.m.6 views

SUSE CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/24 2:36 a.m.8 views

SUSE CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47380

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:33 p.m.26 views

CVE-2026-47380 NocoDB: User Enumeration via Sign-In Timing

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:33 p.m.20 views

CVE-2026-47380

CVE-2026-47380 affects NocoDB. The vulnerability stems from an unknown-user sign-in path in auth.service.ts where the unknown-user branch returned without a password hash check, causing timing differences between known and unknown emails. This could enable network-positioned attackers to enumerat...

6.3CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.8 views

CVE-2026-54019

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS0.00281EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:41 p.m.34 views

CVE-2026-54019 Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS0.00281EPSS
Exploits1References1
Rows per page
Query Builder