Lucene search
+L

305 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-57968

Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-57973

Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering locally...

6.3CVSS0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability

...

6.3CVSS0.00159EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-57973

CVE-2026-57973 describes a Time-of-check Time-of-use (TOCTOU) race condition in Windows Subsystem for Linux (WSL2) kernel. The issue allows an authorized attacker to perform local tampering. Affected component is the WSL2 kernel; impact per sources is local, with confidentiality and integrity aff...

6.3CVSS6AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-57973 Windows Subsystem for Linux (WSL2) Kernel Tampering Vulnerability

...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-57968

The CVE-2026-57968 entry describes a Buffer over-read in Windows Subsystem for Linux (WSL2) that can enable local privilege escalation for an authorized attacker. Connected sources corroborate a kernel-level issue affecting WSL2; the base CVSS vector indicates LOCAL attack, LOW complexity, with H...

7.8CVSS6AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

...

7.8CVSS0.00318EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-58637

Name of the Vulnerable Software and Affected Versions Windows Subsystem for Linux versions prior to 2.7.10 Description A time-of-check time-of-use TOCTOU race condition exists in the Windows Subsystem for Linux. This flaw allows an authorized local attacker to perform data tampering. A TOCTOU rac...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Microsoft Windows Subsystem for Linux (WSL2) < 2.7.8 EoP (CVE-2026-57968) (July 2026)

The version of Microsoft Windows Subsystem for Linux WSL2 on the remote Windows host is prior to 2.7.8. It is, therefore, affected by an elevation of privilege vulnerability: - Buffer over-read in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00318EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Microsoft Windows Subsystem for Linux (WSL2) < 2.7.10 Tampering (CVE-2026-57973) (July 2026)

The version of Microsoft Windows Subsystem for Linux WSL2 on the remote Windows host is prior to 2.7.10. It is, therefore, affected by a tampering vulnerability: - Time-of-check time-of-use toctou race condition in Windows Subsystem for Linux allows an authorized attacker to perform tampering...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

7.7CVSS0.00436EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:26 p.m.39 views

CVE-2026-54699

Warp contains an OS command injection in the WSL URL-opening fallback. When Warp runs under WSL and cannot open a URL via wslview, it uses a Windows command processor path, and a URL controlled through terminal output can reach this fallback when opened. Affected versions range from 0.2024.03.12....

7.7CVSS5.9AI score0.00436EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:26 p.m.4 views

CVE-2026-54699 Warp: OS command injection when opening terminal links from WSL

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

7.7CVSS6AI score0.00436EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 5:11 p.m.15 views

Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/06/10 5:11 p.m.14 views

MAL-2026-5519 Malicious code in requests-toolbelt-plus (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 38c64ca050de4910f56bc4a652890b0a378082859cb62153762c6ae08b4b8eae The package impersonates the popular requests-toolbelt library but ships an empty requeststoolbeltplus/init.py and places its real logic in setup.py...

6.1AI score
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of shell references or validations for environment variable keys during SSH/WSL remote command execution. This allowed attackers to...

8.6CVSS6.2AI score0.00257EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: fixed the off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value. However, eadata is located at offset sizeofstruct smb2filefulleainfo = 8 from ea, not ...

7.1CVSS6.2AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/24 8:32 p.m.6 views

CVE-2026-31614

A flaw was found in the Linux kernel's Server Message Block SMB client. An untrusted server can exploit an out-of-bounds read vulnerability within the checkwsleas function. This flaw allows the server to read up to 8 bytes beyond the intended memory boundary, leading to information disclosure. Th...

7.1CVSS5.2AI score0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 3:16 p.m.6 views

CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

7.1CVSS0.00126EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...

7.1CVSS5.2AI score0.00126EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder