Lucene search
K

1319 matches found

RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.4 views

CVE-2026-39985

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect parameter upon login to LORIS was not validating the value of the redirect as being within LORIS,...

6.1CVSS5.9AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 5:54 p.m.66 views

CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS0.00562EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/10 6:0 a.m.23 views

CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

0.00226EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/08 1:36 p.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/08 12:0 a.m.3 views

CVE-2025-50648

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...

6AI score0.00516EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/07 4:30 p.m.9 views

CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.2AI score0.142EPSS
Exploits4
Snyk
Snyk
added 2026/04/06 5:59 p.m.6 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect through the redirecturi parameter in multiple endpoints ForgotPassword, MagicLinkLogin, Signup, InviteMembers, OAuthLoginHandler, VerifyEmailHandler which is not validated against AllowedOrigins. An attacker can obtain...

8.6CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 12:0 a.m.2 views

CVE-2025-57834

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...

10CVSS5.8AI score0.0052EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/03 6:31 p.m.4 views

EUVD-2026-18762

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

5.7AI score0.00112EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 4:16 p.m.4 views

CVE-2026-31390

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

5.5CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 4:16 p.m.10 views

UBUNTU-CVE-2026-31390

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.2 views

CVE-2026-31390

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

5.7AI score0.00112EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.25 views

CVE-2026-31390 drm/xe: Fix memory leak in xe_vm_madvise_ioctl

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xevmmadviseioctl When checkboargsaresane validation fails, jump to the new freevmas cleanup label to properly free the allocated resources. This ensures proper cleanup in this error path. cherry picked...

0.00112EPSS
Exploits0References3
CVE
CVE
added 2026/04/03 3:15 p.m.15 views

CVE-2026-31390

CVE-2026-31390 affects the Linux kernel's drm/xe path, causing a memory leak in the function path used by xe_vm_madvise_ioctl when check_bo_args_are_sane() validation fails. The underlying issue was incorrect resource cleanup, now addressed by jumping to a new free_vmas cleanup label to properly ...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a memory leak in the xevmmadviseioctl function. This vulnerability may lead to resources being not...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 5:28 p.m.10 views

CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. A...

6.5CVSS0.00549EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/01 2:57 p.m.16 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References8
CVE
CVE
added 2026/04/01 9:3 a.m.52 views

CVE-2026-23898

Joomla! Core (com_joomlaupdate) is affected by an arbitrary file deletion vulnerability due to lack of input validation in the autoupdate server mechanism. The issue is documented across multiple sources (e.g., CVE-2026-23898, JOOMLA-1031, BIT-JOOMLA-2026-23898) and is tied to Joomla core updates...

8.6CVSS6AI score0.00454EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 9:3 a.m.34 views

CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

8.6CVSS0.00454EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:1 a.m.4 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8CVSS6.1AI score0.01659EPSS
Exploits0References1
Rows per page
Query Builder