Lucene search
K

419084 matches found

EUVD
EUVD
added 2026/06/08 3:46 p.m.12 views

EUVD-2026-35171

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

5.4AI score0.00389EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:46 p.m.11 views

EUVD-2026-35170

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

5.4AI score0.001EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:46 p.m.10 views

EUVD-2026-35169

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

5.4AI score0.00389EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35168

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

5.6AI score0.00278EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:46 p.m.11 views

EUVD-2026-35167

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

5.5AI score0.001EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35166

In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...

5.4AI score0.00117EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:46 p.m.12 views

EUVD-2026-35165

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

5.5AI score0.00091EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35164

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...

5.5AI score0.00074EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35163

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

5.4AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35162

In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...

5.4AI score0.00114EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35161

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...

5.4AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:46 p.m.23 views

EUVD-2026-35160

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

5.8AI score0.00143EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:46 p.m.17 views

EUVD-2026-35159

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

5.4AI score0.00126EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 3:46 p.m.13 views

EUVD-2026-35158

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...

5.5AI score0.00123EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:46 p.m.8 views

EUVD-2026-35157

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

5.4AI score0.00123EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:46 p.m.10 views

EUVD-2026-35156

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

5.4AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:46 p.m.12 views

EUVD-2026-35155

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

5.4AI score0.00457EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:45 p.m.11 views

EUVD-2026-35154

A vulnerability was identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Such manipulation of the argument usr/pwd leads to sql injection. The attack can be executed remotely...

7.5CVSS7AI score0.00328EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 3:41 p.m.14 views

EUVD-2026-35153

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

5.5AI score0.0014EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 3:41 p.m.12 views

EUVD-2026-35152

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylinkconnectphy during probe and phylinkdisconnectphy during remove. It caused an RTNL assertion warning in...

5.4AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:41 p.m.13 views

EUVD-2026-35151

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

5.4AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:41 p.m.12 views

EUVD-2026-35150

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls docreleasedevice on each floor. docreleasedevice frees the docg3 struct via...

5.4AI score0.00126EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:41 p.m.13 views

EUVD-2026-35149

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

5.4AI score0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:41 p.m.12 views

EUVD-2026-35148

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

5.5AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 3:41 p.m.14 views

EUVD-2026-35147

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

5.5AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 3:41 p.m.14 views

EUVD-2026-35146

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

5.8AI score0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:41 p.m.10 views

EUVD-2026-35145

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

5.4AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 3:41 p.m.11 views

EUVD-2026-35144

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

5.4AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/08 3:41 p.m.14 views

EUVD-2026-35143

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

5.4AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:41 p.m.13 views

EUVD-2026-35142

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

5.4AI score0.0012EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:41 p.m.13 views

EUVD-2026-35141

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

5.5AI score0.00123EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:32 p.m.13 views

EUVD-2026-35117

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:32 p.m.11 views

EUVD-2026-35116

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.12 views

EUVD-2026-35115

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.11 views

EUVD-2026-35114

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.4AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.13 views

EUVD-2026-35113

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.11 views

EUVD-2026-35112

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:30 p.m.10 views

EUVD-2026-35111

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is...

7CVSS5.4AI score0.00271EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:30 p.m.14 views

EUVD-2026-35110

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.4CVSS6.5AI score0.0082EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:30 p.m.10 views

EUVD-2026-35109

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

7.6CVSS5.5AI score0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:30 p.m.12 views

EUVD-2026-35108

A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function readresource of the file src/mysqlmcpserver/server.py of the component mysql URI Handler. This manipulation of the argument uristr causes sql injection. Remote exploitation of the...

6.5CVSS5.2AI score0.00205EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 3:29 p.m.14 views

EUVD-2026-35107

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

7.5CVSS7.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:29 p.m.12 views

EUVD-2026-35106

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

7.6CVSS5.4AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:26 p.m.13 views

EUVD-2026-35105

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

5.5AI score0.11471EPSS
Exploits8References1
EUVD
EUVD
added 2026/06/08 3:25 p.m.9 views

EUVD-2026-35104

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00195EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:25 p.m.14 views

EUVD-2026-35103

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6CVSS5.5AI score0.00254EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/08 3:25 p.m.12 views

EUVD-2026-35102

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.7CVSS5.5AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:24 p.m.11 views

EUVD-2026-35101

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

7.3CVSS5.5AI score0.00479EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 3:23 p.m.15 views

EUVD-2026-35100

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.0071EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 3:22 p.m.14 views

EUVD-2026-35099

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00598EPSS
Exploits0References1
Total number of security vulnerabilities419084