1797 matches found

CVE
added 2026/06/25 6:2 p.m. | 22 views

CVE-2026-46606

CVE-2026-46606 affects Glances’ KVM/QEMU monitoring engine (glances/plugins/vms/engines/virsh.py). Before 4.5.5, it interpolates VM domain names read from virsh list --all into f-strings that are passed to secure_popen(), which splits on &&, |, and > and does not sanitise the domain name. This...

7.8 CVSS | 6.2 AI score | 0.00213 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/06/25 6:2 p.m. | 30 views

CVE-2026-46606 Glances: Command Injection via KVM/QEMU VM Domain Names in glances/plugins/vms/engines/virsh.py

Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by secure_popen...

7.8 CVSS | 0.00213 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/21 12:0 a.m. | 7 views

Oracle Linux 8 : dracut (ELSA-2026-26534)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26534 advisory. 049-244.git20260529.0.1 - Refactor getucodefile Orabug: 36989953 - Revert the fixes for bugs 33676753 and 33888951 due to regressions Orabug: 35656614 - Fix ty...

7.5 CVSS | 6.1 AI score | 0.01131 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

An issue was discovered in the x86 KVM subsystem of the Linux kernel before version 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations...

7.8 CVSS | 6.5 AI score | 0.00323 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in OVN

A flaw was discovered in the Open Virtual Network (OVN). Specifically, specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations that are configured with a logical switch equipped with DNS records. This occurs if the same switch has any egress ACLs configured...

8.1 CVSS | 6.7 AI score | 0.00832 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Do not free decrypted memory. In CoCo VMs, it is possible for the untrusted host to cause set_memory_encrypted or set_memory_decrypted to fail, resulting in an error and the memory being retained as shared. Callers must tak...

5.5 CVSS | 6 AI score | 0.00225 EPSS
Exploits: 0 | References: 2
Fedora
added 2026/06/17 8:44 a.m. | 11 views

[SECURITY] Fedora 44 Update: xen-4.21.1-4.fc44

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

9.1 CVSS | 5.2 AI score | 0.00463 EPSS
Exploits: 0
GithubExploit
added 2026/06/15 7:59 p.m. | 58 views

ITScape

🛡️ ITScape - Test your systems for security gaps...

5.5 AI score
Exploits: 0
Positive Technologies
added 2026/06/13 12:0 a.m. | 14 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.5. Description: The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits: 0 | References: 14
GithubExploit
added 2026/06/12 3:47 a.m. | 64 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

10 CVSS | 8 AI score | 0.96184 EPSS
Exploits: 30
GithubExploit
added 2026/06/11 5:43 p.m. | 68 views

Systems-and-Cyber-Security-Coursework

CSI6SCS2526 — Systems and Cyber Security Coursework Gr...

9.8 CVSS | 8.7 AI score | 0.9923 EPSS
Exploits: 58
RedhatCVE
added 2026/06/09 8:59 p.m. | 12 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/08 4:16 p.m. | 6 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 3
CVE
added 2026/06/08 4:16 p.m. | 25 views

CVE-2026-39910

The CVE-2026-39910 entry concerns STACKIT IaaS API: a missing authorization check lets an authenticated, low-privileged attacker attach arbitrary service accounts to owned virtual machines, escalating to full org compromise. The attacker can use the unvalidated PUT /servers/service-accounts endpo...

9.8 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/08 4:16 p.m. | 10 views

EUVD-2026-35128

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/06/08 4:16 p.m. | 38 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8 CVSS | 0.00302 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/08 4:16 p.m. | 10 views

CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8 CVSS | 5.6 AI score | 0.00302 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/06/08 3:46 p.m. | 6 views

CVE-2026-46295

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...

5.3 AI score | 0.00155 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2026/06/08 12:0 a.m. | 9 views

STACKIT IaaS API Security Vulnerability

The STACKIT IaaS API is a cloud infrastructure management interface provided by the German company STACKIT. There is a security vulnerability in the STACKIT IaaS API. This vulnerability stems from the lack of authorization checks, which may allow authenticated, low-privilege attackers to elevate...

9.8 CVSS | 5.5 AI score | 0.00302 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 14 views

PT-2026-47345

Name of the Vulnerable Software and Affected Versions: STACKIT IaaS API (affected versions not specified). Description: A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...

9.8 CVSS | 5.2 AI score | 0.00302 EPSS
Exploits: 0 | References: 5