Lucene search
K
AttackerkbRecent

74775 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 5:32 p.m.6 views

CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS5.9AI score0.00247EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:31 p.m.5 views

CVE-2026-48721

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS6AI score0.00145EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:30 p.m.5 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:29 p.m.5 views

CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:28 p.m.5 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS5.9AI score0.00278EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:26 p.m.7 views

CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

7.7CVSS5.9AI score0.00436EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:25 p.m.5 views

CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:22 p.m.14 views

CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:17 p.m.6 views

CVE-2026-55611

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

5.9AI score0.00236EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:13 p.m.5 views

CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:5 p.m.5 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS5.9AI score0.0035EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53130

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject ssysblocksize smaller than OMFSDIRSTART omfsfillsuper rejects oversized ssysblocksize values PAGESIZE, but it does not reject values smaller than OMFSDIRSTART 0x1b8 = 440. Later, omfsmakeempty uses sbi-ssysblocksi...

5.6AI score0.0013EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53129

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

5.7AI score0.00117EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53127

In the Linux kernel, the following vulnerability has been resolved: block: fix zonescond memory leak on zone revalidation error paths When blkrevalidatediskzones fails after diskrevalidatezoneresources has allocated args.zonescond, the memory is leaked because no error path frees it...

5.7AI score0.00145EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53128

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

5.7AI score0.00117EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53126

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcgmaybethrottlecurrent Add the missing putdisk on the error path in blkcgmaybethrottlecurrent. When blkcg lookup, blkg lookup, or blkgtryget fails, the function jumps to the out label whi...

5.7AI score0.00157EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53124

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of the fetch commands that were successfully issued may never complete. Th...

5.8AI score0.00145EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53125

In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...

5.7AI score0.00169EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53123

In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5makerequest waiting for reshape progress while still holding an activeio reference. If userspace then...

5.7AI score0.00171EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

5.7AI score0.00179EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53121

In the Linux kernel, the following vulnerability has been resolved: amd-pstate: Fix memory leak in amdpstateeppcpuinit On failure to set the epp, the function amdpstateeppcpuinit returns with an error code without freeing the cpudata object that was allocated at the beginning of the function...

5.8AI score0.00155EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53120

In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

5.7AI score0.00157EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53118

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause...

5.7AI score0.00155EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.7 views

CVE-2026-53119

In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which c...

5.7AI score0.00157EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53117

In the Linux kernel, the following vulnerability has been resolved: s390/cio: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can...

5.7AI score0.00171EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53116

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

5.7AI score0.00145EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53115

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which ca...

5.7AI score0.00157EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53114

In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perfallowkernel from the IBS NMI handler Calling perfallowkernel from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event-hw.flags,...

5.7AI score0.00154EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53101

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...

5.7AI score0.00168EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:30 p.m.4 views

CVE-2026-53070

In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53009

In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of txbuf skb If icetso or icetxcsum fail, the error path in icexmitframering frees the skb, but the 'first' txbuf still points to it and is marked as valid ICETXBUFSKB. 'nexttouse' remains unchanged, so the...

5.7AI score0.00123EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53008

In the Linux kernel, the following vulnerability has been resolved: ice: fix race condition in TX timestamp ring cleanup Fix a race condition between icefreetxtstampring and icetxmap that can cause a NULL pointer dereference. icefreetxtstampring currently clears the ICETXFLAGSTXTIME flag after...

5.7AI score0.00155EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53007

In the Linux kernel, the following vulnerability has been resolved: ice: fix potential NULL pointer deref in error path of icesetringparam icesetringparam nullifies tstampring of temporary txrings, without clearing ICETXRINGFLAGSTXTIME bit. When ICETXRINGFLAGSTXTIME is set and the subsequent...

5.7AI score0.00155EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.10 views

CVE-2026-53006

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6rcv Caching saddr and daddr before pskbpull is problematic since skb-head can change. Remove these temporary variables: - We only access &ipv6;hdrskb-saddr and &ipv6;hdrskb-daddr when...

5.4AI score0.00377EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.19 views

CVE-2026-53005

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

5.6AI score0.00129EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.6 views

CVE-2026-53004

In the Linux kernel, the following vulnerability has been resolved: sctp: fix OOB write to userspace in sctpgetsockoptpeerauthchunks sctpgetsockoptpeerauthchunks checks that the caller's optval buffer is large enough for the peer AUTH chunk list with if len gauthchunks, which lives at offset...

5.9AI score0.00176EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53003

In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...

5.7AI score0.00508EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.6 views

CVE-2026-53002

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage Replace it with scnprintf, the buffer sizes are expected to be large enough to hold the result, no need for snprintf+overflow check. Increase buffer size in manglecontentlen while at it...

5.9AI score0.00351EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.7 views

CVE-2026-53001

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c "netfilter: xtables: use NFPROTOUNSPEC in more extensions" to allow ipv4 and ipv6 only. - xtmac - xtowner - xtphysdev...

5.7AI score0.00176EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.4 views

CVE-2026-53000

In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...

5.8AI score0.00123EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.7 views

CVE-2026-52999

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...

5.6AI score0.00521EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-52998

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

5.7AI score0.00508EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.6 views

CVE-2026-52997

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.7AI score0.00173EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.7 views

CVE-2026-52996

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget. parsedurablehandlecontext in the DURABLEREQV2 case properly releases this...

5.8AI score0.00188EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52995

In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...

6AI score0.00176EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52994

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

5.7AI score0.00173EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.12 views

CVE-2026-52993

In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipcbufappend tipcmsgvalidate can potentially reallocate the skb it is validating, freeing the old one. In tipcbufappend, it was being called with a pointer to a local variable which was a copy of the...

5.7AI score0.00351EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.4 views

CVE-2026-52992

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfsvalidatebblk Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfsreadmap passes it to kmallocarray0, ... which return...

5.7AI score0.00184EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.4 views

CVE-2026-52991

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

5.8AI score0.00104EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52990

In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...

5.6AI score0.00175EPSS
Exploits0References5Affected Software1
Total number of security vulnerabilities74775