366532 matches found
CVE-2026-46288
CVE-2026-46288 (Linux kernel). The issue is a use-after-free in unittest changeset handling of device-tree nodes: a pointer (parent) shares the same struct device_node as nchangeset, and of_node_put(nchangeset) can drop the refcount to zero while code still uses parent to inspect properties, lead...
CVE-2026-46287
In the Linux kernel, the net/txgbe driver for copper NICs with external PHY fixed an RTNL assertion warning that occurred during module removal. The root cause was phylink_disconnect_phy() being called during remove without proper RTNL protection, triggering an assertion in phylink_disconnect_phy...
CVE-2026-46286
CVE-2026-46286 affects the Linux kernel’s leds: qcom-lpg driver. Root cause: selecting high-resolution values uses FIELD_GET() from a 3-bit register while indexing into an array that has only 5 values, risking out-of-bounds access. The description states this was resolved by adding a proper bound...
CVE-2026-46285
In the Linux kernel vulnerability CVE-2026-46285, a use-after-free occurs in mtd: docg3_release(): the docg3 pointer is obtained from cascade->floors[0]->priv and freed via doc_release_device() in a loop. After freeing docg3, code dereferences docg3->cascade->bch, which is undefined b...
CVE-2026-46284
In the Linux kernel, the vulnerability (CVE-2026-46284) affects early boot parameter parsing for hugepages. When hugepages, hugepagesz, or default_hugepagesz are supplied on the kernel command line without an '=' separator, early parsing passes NULL to hugetlb_add_param(), which dereferences NULL...
CVE-2026-46283
The CVE concerns the Linux kernel TPM driver: tpm_dev_release() frees the chip->auth structure with plain kfree(), leaving sensitive material (HMAC session keys, nonces, passphrase data) in freed memory. Other code paths scrub before free via kfree_sensitive(), so this path risks leaking sensi...
CVE-2026-46282
CVE-2026-46282 affects the Linux kernel IIO: frequency driver for admv1013. The root cause was a NULL/garbage pointer dereference when device_property_read_string() fails, leading to a dereference in strcmp. The fix consolidates the SE mode enums into a single sequential enum and replaces the man...
CVE-2026-46281
The CVE affects the Linux kernel vmalloc path. A buffer overflow could occur in vrealloc_node_align() when reallocating with shrinking, because old_size bytes could be copied into a newly allocated buffer of size 'size' before the fix. The issue arises during need_realloc when a new object is all...
CVE-2026-46280
CVE-2026-46280 affects the Linux kernel in the HMM selftest path for device memory (dmirror) handling. The root cause is in dmirror_fops_release(), which frees the dmirror struct without migrating device-private pages back to system memory, leaving a stale zone_device_data pointer. If a fault occ...
CVE-2026-46279
The CVE-2026-46279 issue in the Linux kernel is in mm/alloc_tag: pages allocated before page_ext initialization may have an uninitialized codetag, triggering warnings when freed under certain configs. The fix implements a global array (8192 entries) to track pages allocated before page_ext is ful...
CVE-2026-46278
Technical details about CVE-2026-46278 are not provided in the supplied documents. Monitor for updates.
CVE-2026-46277
CVE-2026-46277 in the Linux kernel fixes a use-after-free-like condition in mm/zone_device where a device folio can change after calling folio_free(), risking invalid extraction of the pgmap if touched again. The issue arises because a folio may be reallocated by a driver with a different order, ...
CVE-2026-46276
The CVE-2026-46276 entry describes a Linux kernel fix in the AMDGPU driver for RDNA4 (GFX 12). The issue occurred when RDNA4 hardware absence of on‑chip GDS/GWS/OA resources left their sizes at zero; the amdgpu_ttm_init() path called amdgpu_ttm_init_on_chip() unconditionally, which forwarded a ze...
CVE-2026-48507
Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...
CVE-2026-46480
FlowiseAI Flow UI evaluated vulnerability CVE-2026-46480 arises from mass-assignment via Object.assign in Interface.Evaluation.ts, where client-supplied fields (notably workspaceId and id) can be copied into the Evaluator entity, bypassing whitelist checks. Root cause: lack of explicit allowlist ...
CVE-2026-46479
CVE-2026-46479 concerns FlowiseAI’s evaluation management. The vulnerability arises from using Object.assign to copy client-provided fields into a new Evaluation object, allowing an attacker to overwrite ownership fields such as workspaceId or id during create/update. This can enable cross-worksp...
CVE-2026-46478
CVE-2026-46478 describes a mass‑assignment flaw in FlowiseAI’s DatasetRow handling prior to version 3.1.2. The server copies the request body onto a new DatasetRow via Object.assign, allowing client-controlled fields such as workspaceId and id to be written to the persisted row. This enables cros...
CVE-2026-46477
FlowiseAI’s CVE-2026-46477 describes a mass-assignment vulnerability in the dataset service prior to version 3.1.2. The code uses Object.assign to copy the request body into a new Dataset for create and update, allowing client-controlled fields such as workspaceId and id to overwrite persisted va...
CVE-2026-46476
CVE-2026-46476 concerns Flowise Flow’s CustomTemplate endpoints where Object.assign is used to populate a new/update entity from the client body. The root cause is mass-assignment that accepts sensitive fields (notably workspaceId and id) from the request, enabling cross-workspace data takeover. ...
CVE-2026-46475
CVE-2026-46475 concerns FlowiseAI’s assistant management flow. The vulnerability arises from mass-assignment via Object.assign during create/update of an Assistant entity, which copies client-supplied fields such as workspaceId and id into the persistence model without an allowlist. The result is...
CVE-2026-46443
FlowiseAI Flowise (Flowise server) has a credential data leak when querying credentials with a credentialName filter. In versions prior to 3.1.2, the encryptedData field is not removed from the API response for filtered credential fetches, exposing sensitive credential data (API keys, passwords, ...
CVE-2026-46442
Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...
CVE-2026-46441
CVE-2026-46441 affects Flowise versions prior to 3.1.2. A mass assignment flaw allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) via PUT /api/v1/assistants/{assistantId}, enabling cross-workspace reassignment of assistants and breaking tenant is...
CVE-2026-11529
The CVE-2026-11529 affects the mysql_mcp_server component of the designcomputer project, specifically the read_resource function in src/mysql_mcp_server/server.py. The issue is a SQL injection caused by improper handling of the uri_str argument, leading to remote exploitation. Public exploit info...
CVE-2026-46440
Flowise CVE-2026-46440 affects Flowise versions before 3.1.2. The vulnerability is in the checkBasicAuth endpoint, which validates credentials in plaintext using direct comparison and without rate limiting. This can enable credential brute-forcing and enumeration, potentially granting access to t...
CVE-2026-42863
Summary. FlowiseAI’s Flowise product has a mass-assignment vulnerability in the chatflow update endpoint that lets an authenticated user modify server-controlled fields (deployed, isPublic, workspaceId, createdDate, updatedDate, etc.) and reassign a chatflow to another workspace. The issue stems ...
CVE-2026-49975
The CVE-2026-49975 entry describes a memory-allocation vulnerability in Apache HTTP Server's mod_http2 that can cause a denial of service via malicious HTTP requests. Affected products/versions reported across sources include Apache httpd 2.4.17 through 2.4.67. The Debian security trackers confir...
CVE-2026-42862
FlowiseAI (CVE-2026-42862) has a mass-assignment flaw in the tool update endpoint (PUT /api/v1/tools/{toolId}) that lets authenticated users modify server-controlled fields such as workspaceId, createdDate, and updatedDate without proper validation/authorization. This enables cross-workspace reas...
CVE-2026-42861
Summary: CVE-2026-42861 affects Flowise (pre-3.1.2) with a mass assignment flaw in the variable update endpoint. What’s vulnerable: the PUT /api/v1/variables/{variableId} endpoint allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) by submitting t...
CVE-2026-46444
FlowiseAI’s OpenAI Assistants Vector Store endpoints (/api/v1/openai-assistants-vector-store) were vulnerable in pre-3.1.2 releases: all CRUD routes lacked authentication middleware and did not enforce permissions, allowing any authenticated user to create, update, delete, or upload files to vect...
CVE-2026-48913
This CVE (CVE-2026-48913) concerns Apache HTTP Server’s mod_http2 component. The reported issue is a Use After Free vulnerability when file handles are exhausted, affecting Apache HTTP Server versions 2.4.55–2.4.67. The description and connected sources consistently cite memory- or resource-relat...
CVE-2026-42536
Summary (CVE-2026-42536) : A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...
CVE-2026-44185
CVE-2026-44185 describes a buffer over-read in Apache HTTP Server when handling outbound OCSP requests to an attacker-controlled OCSP server. Affected versions are 2.4.0 through 2.4.67. The vulnerability is associated with the OCSP handling path (mod_ssl OCSP send_request) and can enable an attac...
CVE-2026-49755
Technical details beyond what’s in the Initial Description are not provided in the connected documents. Monitor for updates for specifics on affected versions, root cause, and remediation.
CVE-2026-34355
CVE-2026-34355 : A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...
CVE-2026-49756
CVE-2026-49756 describes a CRLF injection in Req.Utils.encode_form_part/2 of the Elixir Req library. User-controlled name, filename, or content_type are interpolated into Content-Disposition and Content-Type without escaping, allowing CRLFs to terminate header lines and add smuggled parts. This e...
CVE-2026-44631
CVE-2026-44631 describes a Buffer Underwrite in the Apache HTTP Server when processing crafted regular expressions in its configuration. The issue affects Apache httpd from version 2.4.0 through 2.4.67. The advisory recommends upgrading to version 2.4.68, which contains the fix. The provided conn...
CVE-2026-44119
Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...
CVE-2026-43951
CVE-2026-43951 : Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...
CVE-2026-48488
CVE-2026-48488 affects phpMyFAQ prior to version 4.1.4, where attachment passwords are hashed using SHA-1, a broken algorithm. The issue is resolved in 4.1.4. The CVSS base score is 6.9 (Medium); attack vector NETWORK, no user interaction needed, and impact is limited to confidentiality. If explo...
CVE-2026-11528
CVE-2026-11528 affects Tenda AC18 with firmware 15.03.05.05. The vulnerability is in the Web Management Interface, specifically function sub_45304 in the /goform/getRebootStatus module, where manipulation of the callback argument causes a stack-based buffer overflow. This can be exploited remotel...
CVE-2026-42535
CVE-2026-42535 affects Apache httpd’s mod_dav_fs in versions 2.4.67 and earlier. A path handling issue lets a WebDAV content author directly manipulate trusted DAV property databases, with the practical impact described as potential child process crashes. The recommended remediation is upgrading ...
CVE-2026-34356
CVE-2026-34356 is a heap-based buffer overflow in Apache HTTP Server (affecting 2.4.0–2.4.67) involving malicious backend servers and ProxyPassReverseCookie. The issue could allow a crash or similar impact (per CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; base score 7.5). Fixed by upgrading to...
CVE-2026-44186
CVE-2026-44186 affects Apache HTTP Server (mod_proxy_ftp). A loop with an unreachable exit condition can occur when handling an attacker-controlled backend FTP server, impacting 2.4.0 through 2.4.67. The issue’s remediation is to upgrade to Apache HTTP Server 2.4.68 or later. The provided connect...
CVE-2026-29170
CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...
CVE-2026-29167
CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....
CVE-2026-46657
Bludit CMS prior to 3.22.0 has a vulnerability in user management: when an administrator disables a user, tokenAuth and tokenRemember in the JSON database are not invalidated. As a result, users with an existing Remember Me cookie can bypass disablement and remain authenticated. This issue impact...
CVE-2020-37248
OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...
CVE-2026-11524
The CVE-2026-11524 affects Tenda W20E firmware version 15.11.0.6, specifically the Web Management Interface function modifyWifiFilterRules in /goform/modifyWifiFilterRules. The vulnerability is a stack-based buffer overflow triggered by manipulating the wifiFilterListRemark argument, with a remot...
CVE-2024-31509
A SQL Injection vulnerability exists in Computer Laboratory Management System Using PHP and MySQL (LMS) v1.0. The application fails to validate and sanitize user input through the id parameter, allowing an authenticated attacker to manipulate backend SQL queries. Successful exploitation may allow...