Lucene search
K

259 matches found

Fedora
Fedora
added 2026/07/05 12:52 a.m.14 views

[SECURITY] Fedora 43 Update: mariadb11.8-11.8.8-1.fc43

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

10CVSS6AI score0.00998EPSS
Exploits0
Fedora
Fedora
added 2026/06/29 12:58 a.m.12 views

[SECURITY] Fedora 44 Update: mariadb11.8-11.8.8-3.fc44

MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

10CVSS5.8AI score0.00998EPSS
Exploits0
OSV
OSV
added 2026/06/14 5:21 p.m.4 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS6AI score0.00321EPSS
Exploits0References6
CVE
CVE
added 2026/06/14 5:21 p.m.54 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/20 5:43 a.m.12 views

EUVD-2026-31065

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 11:48 p.m.18 views

GHSA-P44Q-VQPR-4XMG Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

Summary In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...

6.5CVSS5.9AI score0.00324EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:6 a.m.5 views

IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()

...

7.1CVSS5.8AI score0.00123EPSS
Exploits0
EUVD
EUVD
added 2026/03/25 12:30 p.m.11 views

EUVD-2026-15218

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

5.7AI score0.00123EPSS
Exploits0References7
NVD
NVD
added 2026/03/25 11:16 a.m.11 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

5.5CVSS0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:26 a.m.3 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

5.7AI score0.00123EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:26 a.m.2 views

CVE-2026-23289

In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
NVD
NVD
added 2026/03/24 7:16 p.m.8 views

CVE-2026-33538

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS0.00406EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/24 7:11 p.m.8 views

EUVD-2026-14975

Parse Server: Denial of Service via unindexed database query for unconfigured auth providers...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/24 6:24 p.m.5 views

CVE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:24 p.m.6 views

CVE-2026-33538

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/24 6:24 p.m.19 views

CVE-2026-33538

Parse Server v8.6.58 and v9.6.0-alpha.52 patch CVE-2026-33538, which allowed unauthenticated attackers to trigger DoS by sending auth requests for unconfigured providers. The server queries the user database for each unconfigured provider, and without an index on unconfigured providers this cause...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.11 views

PT-2026-27483

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.58 Parse Server versions prior to 9.6.0-alpha.52 Description An unauthenticated attacker can cause a denial of service by sending authentication requests with arbitrary, unconfigured provider names. The serve...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

FLIR Systems AX8 Cameras Missing Authentication for Critical Function (CVE-2022-37062)

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and...

7.5CVSS7AI score0.02624EPSS
Exploits3References5
HackRead
HackRead
added 2026/01/10 5:57 p.m.10 views

Database of 323,986 BreachForums Users Leaked as Admin Disputes Scope

Database of 323,986 BreachForums users leaked online as forum admins claim the exposed data is partial and dates back to August 2025...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-27654

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to IB/mthca, specifically concerning a missing call to mthca unmap user db within the mthca create srq function. This can lead to a...

5.5CVSS5.5AI score0.00123EPSS
Exploits0References23
Rows per page
Query Builder