Lucene search
+L

7898 matches found

nvd
nvd
added 2026/06/08 5:16 p.m.21 views

CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7.8CVSS0.00112EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/08 3:50 p.m.42 views

CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7.8CVSS0.00112EPSS
Exploits0References2
euvd
euvd
added 2026/06/08 3:50 p.m.11 views

EUVD-2026-35121

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

5.4AI score0.00112EPSS
Exploits0References2
cve
cve
added 2026/06/08 3:30 p.m.58 views

CVE-2026-46442

Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2026/06/08 3:16 p.m.16 views

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS0.00381EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.11 views

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

6.5CVSS5.5AI score0.0053EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.14 views

CVE-2026-25199

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...

9.1CVSS5.4AI score0.005EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:44 p.m.13 views

CVE-2026-0238

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS5.6AI score0.00098EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

4.6CVSS5.5AI score0.00112EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:25 p.m.11 views

CVE-2026-0256

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS5.2AI score0.00179EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:23 p.m.12 views

CVE-2026-35248

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

5CVSS7.2AI score0.00096EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:23 p.m.13 views

CVE-2026-43998

A flaw was found in vm2 3.10.5. NodeVM require.root path checks use path.resolve without dereferencing symlinks, while Node require follows symlinks, allowing sandboxed code to load host modules outside the allowed root and achieve remote code execution. Fixed in 3.11.0...

8.5CVSS6.2AI score0.00722EPSS
Exploits1References4
redhatcve
redhatcve
added 2026/06/05 7:23 p.m.12 views

CVE-2026-43981

Algernon is a small self-contained pure-Go web server. Prior to 1.17.6, in engine/luahandler.go, the sync.RWMutex protecting LoadCommonFunctions is released before L.Push and L.PCall execute. Since gopher-lua's LState is explicitly not goroutine-safe, concurrent requests race on the shared state...

8.2CVSS5.5AI score0.00182EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41859

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

7.8CVSS5.5AI score0.00098EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.12 views

CVE-2026-40504

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

9.8CVSS6.5AI score0.0064EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35245

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this...

7.5CVSS7.3AI score0.00253EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35246

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35251

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35242

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
osv
osv
added 2026/06/05 10:43 a.m.10 views

MINI-G7M3-VMPC-W7C4

Bulletin has no description...

7.5CVSS5.2AI score0.00359EPSS
Exploits0
Rows per page
Query Builder