38504 matches found

CNNVD
added 2026/04/24 12:0 a.m., 8 views

Open Source Social Network (OSSN) resource management error vulnerability

Open Source Social Network (OSSN) is a social network engine developed by the OSSN team in Switzerland. Prior to version 9.0 of Open Source Social Network (OSSN), there was a resource management vulnerability. This vulnerability stemmed from resource exhaustion, which could allow attackers to upload...

CVSS 8.2, AI score 5.8, EPSS 0.00369
Exploits: 0, References: 1
Positive Technologies
added 2026/04/24 12:0 a.m., 7 views

PT-2026-35006

In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in mmap region commit 605f6586ecf7 "mm/vma: do not leak memory when .mmap prepare swaps the file" handled the success path by skipping get file via file doesnt need get, but missed the error path. When...

AI score 5.4, EPSS 0.00113
Exploits: 0, References: 3
CNNVD
added 2026/04/24 12:0 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a zero-division error in pixclock within tdfxfb...

CVSS 5.5, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 1
CNNVD
added 2026/04/24 12:0 a.m., 12 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the staging sm750fb driver’s pstohz function not verifying that pixclock is non-zero, resulting i...

CVSS 5.5, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 1
CNNVD
added 2026/04/24 12:0 a.m., 10 views

Rocket.Chat access control error vulnerability

Rocket.Chat is a chat software developed by the Rocket.Chat company. Vulnerabilities in access control existed in versions prior to 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10. These vulnerabilities stem from spelling errors in the permission checks for the /api/apps/lo...

CVSS 4.3, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 1
CNNVD
added 2026/04/24 12:0 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of interface 0 space pointer dereferencing in us144mkii...

CVSS 4.6, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1
Positive Technologies
added 2026/04/24 12:0 a.m., 11 views

PT-2026-34957

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A divide-by-zero error exists in the udlfb driver within the fbdev subsystem. The issue occurs during the processing of 'FBIOPUT_VSCREENINFO' because the driver uses the pixclock variabl...

CVSS 9.8, AI score 5.2, EPSS 0.00514
Exploits: 0, References: 395
Positive Technologies
added 2026/04/24 12:0 a.m., 4 views

PT-2026-34972

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference occurs in the ALSA usx2y driver for the TASCAM US-144MKII device. A malicious USB device can provide a configuration containing bInterfaceNumber=1 without an...

CVSS 9.8, AI score 5.8, EPSS 0.00514
Exploits: 0, References: 314
Positive Technologies
added 2026/04/24 12:0 a.m., 10 views

PT-2026-34970

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A divide-by-zero error exists in the tdfxfb driver within the fbdev subsystem. The issue occurs during the FBIOPUT_VSCREENINFO operation because the driver uses the pixclock variable...

CVSS 9.8, AI score 5.8, EPSS 0.00514
Exploits: 0, References: 394
Positive Technologies
added 2026/04/24 12:0 a.m., 12 views

PT-2026-34955

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A division by zero occurs in the ps to hz function. This happens because hw sm750 crtc set mode calls ps to hz without verifying that the pixclock variable is non-zero. An attacker can...

CVSS 9.8, AI score 5.8, EPSS 0.00514
Exploits: 0, References: 320
Positive Technologies
added 2026/04/24 12:0 a.m., 7 views

PT-2026-35023

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An information leak exists in the build report function within xfrm user. The struct xfrm user report contains a u8 proto field followed by a struct xfrm selector, resulting in three byt...

CVSS 9.8, AI score 5.5, EPSS 0.00443
Exploits: 0, References: 495
ATTACKERKB
added 2026/04/23 9:24 p.m., 7 views

CVE-2026-26210

KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...

CVSS 9.8, AI score 6.2, EPSS 0.00703
Exploits: 1, References: 4
GithubExploit
added 2026/04/23 9:14 p.m., 95 views

Exploit for CVE-2026-34159

CVE-2026-34159 0 Click RCE exploit for CVE-20...

CVSS 9.8, AI score 5.7, EPSS 0.01126
Exploits: 2
Vulnrichment
added 2026/04/23 7:53 p.m., 6 views

CVE-2026-41279 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, th...

CVSS 8.2, AI score 5.8, EPSS 0.00261
Exploits: 1, References: 1
EUVD
added 2026/04/23 7:15 p.m., 5 views

EUVD-2026-25287

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

CVSS 7.1, AI score 5.8, EPSS 0.00234
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/23 7:12 p.m., 2 views

CVE-2026-41267

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objec...

CVSS 8.1, AI score 7.2, EPSS 0.00334
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/04/23 3:54 p.m., 8 views

CLSA-2026-1776959688 busybox: Fix of 4 CVEs

- CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding
- CVE-2017-16544: reject terminal control sequences in shell tab completion
- CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths
- CVE-2019-5747: validate DHCPSUBNET option length before decoding...

CVSS 9.8, AI score 7.3, EPSS 0.32381
Exploits: 14, References: 1
CVE
added 2026/04/23 2:47 p.m., 40 views

CVE-2026-41239

CVE-2026-41239 affects DOMPurify. From v1.0.10 up to but not including v3.4.0, SAFE_FOR_TEMPLATES incorrectly strips mustache/templating expressions in untrusted HTML when RETURN_DOM/RETURN_DOM_FRAGMENT are used, enabling XSS in template-evaluating frameworks (e.g., Vue 2). The issue is triggered...

CVSS 6.8, AI score 5.6, EPSS 0.00217
Exploits: 0, References: 2
The Hacker News
added 2026/04/23 8:40 a.m., 13 views

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra se...

AI score 5.8
Exploits: 0
RedHat Linux
added 2026/04/23 8:15 a.m., 9 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 7.5, AI score 5.8, EPSS 0.02818
Exploits: 0, References: 3