Lucene search
K
AttackerkbRecent

74784 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.8 views

CVE-2026-46302

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

5.5AI score0.001EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46301

In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...

5.4AI score0.00117EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

7CVSS5.4AI score0.00091EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46298

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...

5.4AI score0.00074EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.6 views

CVE-2026-46297

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

5.4AI score0.00112EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.10 views

CVE-2026-46296

In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...

5.4AI score0.00114EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46295

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...

5.3AI score0.00112EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.8 views

CVE-2026-46294

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

5.8AI score0.00143EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46293

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

5.3AI score0.00126EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46292

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...

5.5AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.4AI score0.00123EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.8 views

CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.4AI score0.00121EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.9 views

CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

5.4AI score0.00457EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:45 p.m.8 views

CVE-2026-11530

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

5.5AI score0.0014EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46287

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylinkconnectphy during probe and phylinkdisconnectphy during remove. It caused an RTNL assertion warning in...

5.3AI score0.00122EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.7 views

CVE-2026-46286

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

5.4AI score0.00122EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls docreleasedevice on each floor. docreleasedevice frees the docg3 struct via...

5.3AI score0.00126EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.10 views

CVE-2026-46284

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

5.4AI score0.00121EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.4AI score0.00122EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

5.5AI score0.00122EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

5.7AI score0.0014EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS5.4AI score0.00126EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

5.3AI score0.00127EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-46278

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

5.4AI score0.00107EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.10 views

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

5.3AI score0.0012EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.9 views

CVE-2026-46276

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

5.5AI score0.00123EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.8 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.12 views

CVE-2026-46480

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:32 p.m.8 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.7 views

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.10 views

CVE-2026-46476

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:31 p.m.12 views

CVE-2026-46475

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:30 p.m.7 views

CVE-2026-46443

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

7CVSS5.4AI score0.00271EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:30 p.m.20 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.4CVSS6.5AI score0.0082EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:30 p.m.7 views

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

7.6CVSS5.5AI score0.00274EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:29 p.m.12 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:29 p.m.8 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

7.6CVSS5.4AI score0.00268EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:26 p.m.19 views

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

5.4AI score0.11471EPSS
Exploits8References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:25 p.m.8 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00195EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:25 p.m.7 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00254EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:25 p.m.7 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.5AI score0.00327EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:24 p.m.6 views

CVE-2026-48913

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

7.3CVSS5.4AI score0.00479EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:23 p.m.8 views

CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.0071EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:22 p.m.17 views

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00598EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:20 p.m.6 views

CVE-2026-49755

Improper Handling of Highly Compressed Data Data Amplification vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb response bodies. Req's default response pipeline includes Req.Steps.decodebody/1 and...

8.2CVSS5.5AI score0.00438EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:20 p.m.9 views

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

5.7AI score0.00805EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:20 p.m.7 views

CVE-2026-49756

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...

2.1CVSS5.6AI score0.00178EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:19 p.m.15 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00486EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities74784