Lucene search
K

503 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES16: libsolv-demo / libsolv-devel / libsolv-devel-static / libsolv-tools / etc (SUSE-SU-2026:22172-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22172-1 advisory. Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available...

8.8CVSS6.2AI score0.006EPSS
Exploits0References27
OSV
OSV
added 2026/06/19 7:11 a.m.2 views

SUSE-SU-2026:22172-1 Security update for zypper, libzypp, libsolv

This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...

8.8CVSS6.2AI score0.006EPSS
Exploits0References20
OSV
OSV
added 2026/06/19 7:11 a.m.3 views

SUSE-SU-2026:22221-1 Security update for zypper, libzypp, libsolv

This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...

8.8CVSS6.2AI score0.006EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.8 views

CVE-2026-8428

Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...

8.8CVSS5.3AI score0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.11 views

CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

5.3CVSS5.8AI score0.00326EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:49 p.m.8 views

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:49 p.m.61 views

CVE-2026-23558

CVE-2026-23558 describes a grant table v2 race in status page mapping for the Xen hypervisor. In XSA-379/387 scenarios, when a HVM/PVH guest changes grant table version from v2 to v1 while XENMEM_add_to_physmap maps status pages, some status pages may be freed even as their mappings are still ins...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/19 12:49 p.m.4 views

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

7.8CVSS5.8AI score0.00117EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/19 12:49 p.m.8 views

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

5.8AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 12:49 p.m.36 views

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

0.00117EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/19 12:49 p.m.15 views

CVE-2026-23558

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/17 11:26 p.m.9 views

CVE-2026-22816

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled. If a build encountered one of these...

8.6CVSS6.8AI score0.00149EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003401)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003401 advisory. Race condition in net/packet/afpacket.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service use-after-free by...

7.8CVSS7.2AI score0.11127EPSS
Exploits16References37
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in eridanus-antimatter-figures-dotenv-safe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc9f078e333a05d5703ffb66d84694f1b93317ddb74c0ff6cd1be5c855ec5899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.7 views

Malicious code in html-webpack-plugin-zenobia-nebula-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda7c207337434698205e1a554e373872174bfe0253efa98b12e47eb140c345e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.3 views

Malicious code in chakra-ui-fornax-umbriel-wezen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3365ea447d8e6476fd1db57f2e6c33bf854a5c9ab298ad0d5aaecd0e6f783ed2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in spectroscopy-webdriver-manager-await-bootstrap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd63e8f2ff15aafdf183c39b1a3af9623710f2abe9e62e6cf0138f4389f6a0ec This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in mini-css-extract-plugin-nova-titan-duplex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ea7a868756de9bcc6a3ace304f91da8cc120146b8b0589d6581391a679daf16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-190088 Malicious code in upgrade-quantum-computing-eslint-plugin-areology (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 65f24884b7f8123dd633e86819d246df7e79be71c3680536de53b2cdce89ba5c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.5 views

MAL-2025-190472 Malicious code in zephyr-yakutsk-update-fornax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4056139ea2e6931e54f1dbb6be8565d9c94ad19a8e4cc44520c8df7a00ac25f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder