Lucene search
K

1735 matches found

Vulnrichment
Vulnrichment
added last week4 views

CVE-2026-49229 Actual: Disabled OpenID users keep access through existing session tokens

Actual is a local-first personal finance app. Prior to 26.6.0, in OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity, while existing Actual session tokens for the disabled user remain valid. The shared session validation path accepts any existing token row...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
CVE
CVE
added last week25 views

CVE-2026-49229

Affected software: Actual, a local-first personal finance app. Vulnerability summary: In OpenID multi-user mode prior to 26.6.0, disabling a user blocks future OpenID logins but does not revoke existing session tokens. The shared session validation path accepts any non-expired token, allowing a d...

8.3CVSS6AI score0.00441EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 5:17 p.m.5 views

EUVD-2026-39009

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

5.9AI score0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/22 9:42 p.m.4 views

Improper Authorization

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Improper Authorization in the GET /secret/:name process. An attacker can determine the existence of admin-configured secrets by sending authenticated requests as a non-admin user and...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:24 p.m.7 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.5AI score0.00125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 9:22 a.m.19 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.5AI score0.00125EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for the GET /history/ route when the service is set to user...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS5.5AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 p.m.15 views

CVE-2026-25260

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS0.00052EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.8 views

CVE-2026-25260

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 10:5 p.m.36 views

CVE-2026-25260

CVE-2026-25260 describes a memory corruption vulnerability in Qualcomm components caused by accessing shared buffers without validating concurrent user-mode input modifications. The NVD entry lists CVSS v3.1: 7.8 (HIGH) with LOCAL attack vector, low complexity, and low privileges required, with n...

7.8CVSS5.8AI score0.00052EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 9:20 p.m.14 views

EUVD-2026-33069

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user - multi-user migration even when the device record has userId = null. In...

2CVSS5.8AI score0.00219EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 9:20 p.m.37 views

CVE-2026-47713 AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user - multi-user migration even when the device record has userId = null. In...

2CVSS0.00219EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00219EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44551

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.13.0 Description An issue exists where a mobile device token created in single-user mode remains valid after migration to multi-user mode, even if the device record has userId set to null. The mobile...

4.3CVSS5.9AI score0.00219EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/26 6:6 a.m.17 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/05/22 11:38 a.m.21 views

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of...

6.1AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcv: process: Fix kernel gp leakage childregs represents the registers that are active for the new thread in the user context. For a kernel thread, childregs-gp is never used, as the kernel’s gp value is not touched by the switch...

7.1CVSS6.4AI score0.00264EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 4:10 a.m.16 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/11 12:49 a.m.9 views

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References5
Rows per page
Query Builder