Lucene search
K
AlpinelinuxRecent

13033 matches found

AlpineLinux
AlpineLinux
added 2026/04/16 6:53 a.m.5 views

CVE-2026-41035

In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...

7.8CVSS5.7AI score0.00393EPSS
Exploits1References29
AlpineLinux
AlpineLinux
added 2026/04/16 1:33 a.m.35 views

CVE-2026-40962

FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to libavformat/mov.c...

9.8CVSS5.8AI score0.00134EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/16 1:20 a.m.12 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8CVSS5.9AI score0.00166EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/16 1:4 a.m.2 views

CVE-2026-32179

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

0.00075EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 11:15 p.m.2 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS5.9AI score0.00419EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/04/15 10:26 p.m.6 views

CVE-2026-40179

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

6.1CVSS5.9AI score0.0024EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 8:56 p.m.4 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8CVSS6.2AI score0.01688EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2026/04/15 8:47 p.m.4 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS6.3AI score0.01065EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2026/04/15 7:24 p.m.10 views

CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

5.3CVSS6AI score0.01489EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.17 views

CVE-2026-6364

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00234EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6362

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. Chromium security severity: High...

4.3CVSS5.8AI score0.00221EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6363

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.3AI score0.00275EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.3 views

CVE-2026-6316

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00323EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.3CVSS6.5AI score0.0031EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.7 views

CVE-2026-6314

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00269EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.8 views

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.3 views

CVE-2026-6312

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00219EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.6 views

CVE-2026-6311

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00273EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6360

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00253EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6308

Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00293EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6309

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00251EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6306

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.5AI score0.00336EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.2 views

CVE-2026-6307

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00365EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6303

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0037EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.2 views

CVE-2026-6304

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00251EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.5AI score0.00336EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.7 views

CVE-2026-6301

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00372EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.7 views

CVE-2026-6302

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00334EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6300

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00341EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6359

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00252EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.3 views

CVE-2026-6299

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.3AI score0.00341EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6298

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Critical...

4.3CVSS6.3AI score0.00286EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.3 views

CVE-2026-6297

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6AI score0.00201EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6296

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS6.3AI score0.00339EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/15 6:57 p.m.7 views

CVE-2026-21727

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: " Cross-Tenant Legacy Correlation Disclosure and Deletion" date: 2026-01-29 product: Grafana severity: Low cve: CVE-2026-21727 cvssscore: "3.3" cvssvector:...

3.3CVSS5.7AI score0.00204EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/15 2:59 p.m.4 views

CVE-2025-12141

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

6.5CVSS5.7AI score0.00255EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/15 2:5 a.m.8 views

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...

8.4CVSS6.1AI score0.01184EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/04/15 12:0 a.m.8 views

CVE-2026-5056

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

Exploits0
AlpineLinux
AlpineLinux
added 2026/04/14 10:42 p.m.3 views

CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

8.8CVSS6.1AI score0.00607EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/14 10:31 p.m.7 views

CVE-2026-35034

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...

6.5CVSS5.6AI score0.0026EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/14 10:18 p.m.4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.5AI score0.00753EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/14 4:58 p.m.3 views

CVE-2026-26171

Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.01753EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/14 4:57 p.m.3 views

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02142EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/14 4:57 p.m.2 views

CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.64095EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2026/04/14 4:57 p.m.4 views

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS5.8AI score0.02279EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/13 11:51 p.m.3 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS5.9AI score0.00256EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/13 11:40 p.m.12 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS5.8AI score0.00366EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/13 10:18 p.m.3 views

CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

8.2CVSS5.5AI score0.00559EPSS
Exploits1References32
AlpineLinux
AlpineLinux
added 2026/04/13 10:10 p.m.3 views

CVE-2026-39956

jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the strindices builtin in jq's src/builtin.c passes its arguments directly to jvstringindexes without verifying they are strings, and jvstringindexes in src/jv.c relies solely on assert checks that are...

6.1CVSS5.7AI score0.00174EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/04/13 9:50 p.m.3 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.8AI score0.00234EPSS
Exploits1References3
Total number of security vulnerabilities13033