Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.9 views

CVE-2026-10787

Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects : Devolutions Server 2026.2.4.0 Devolutions Server 2026.1.20.0 and earlier...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.7 views

CVE-2026-8594

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire string, not just t...

6.2CVSS5.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 7:38 p.m.14 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this by providing a crafted ZIP archive with two entries at the same path: a symlink to an arbitrary target and a regular file. Due to microtask processing order, the file content is written through the symlink before it is...

7.5CVSS6.2AI score0.00528EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/09 5:17 p.m.10 views

CVE-2026-46317

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine for arm64 architectures. An issue in the reallocation of the nestedmmus array allows a process to access freed memory. This memory corruption vulnerability could enable a local attacker to escalate privileges or cause a denia...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 5:13 p.m.11 views

CVE-2026-46324

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

7.8CVSS5.2AI score0.00119EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 5:13 p.m.8 views

CVE-2026-46321

A flaw was found in the Linux kernel. A local attacker with access to the tun/tap device can exploit this vulnerability. By sending network frames shorter than the expected header length, the system fails to free allocated memory pages, leading to memory leaks. This can exhaust system memory,...

7.1CVSS5.4AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 5:12 p.m.13 views

CVE-2026-46319

A flaw was found in the Linux kernel. A race condition in the actct module, specifically during the flow table lookup, can lead to a Use-After-Free UAF vulnerability. This occurs because a critical lock is released prematurely, allowing a memory object to be freed while still in use. An attacker...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 5:0 p.m.11 views

CVE-2026-46316

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64, specifically within the vgic-its component. This vulnerability occurs when multiple concurrent operations incorrectly drop the translation cache's reference to an entry more than once during cache invalidation. Thi...

9.3CVSS5.4AI score0.0018EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/09 4:55 p.m.9 views

CVE-2026-46318

A flaw was found in the Linux kernel's hugetlbfs component. An issue in the mmapprepare stage incorrectly handled memory allocation, which could lead to a lock leak if an allocation failed. This resource leak could potentially be exploited by a local attacker to cause a Denial of Service DoS by...

5.5CVSS5.4AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:55 p.m.34 views

CVE-2026-46320

A flaw was found in the Linux kernel's tap driver. This vulnerability occurs in the tapgetuserxdp function, where allocated memory pages are not properly freed when processing rejected network frames. Specifically, if a frame is shorter than the expected Ethernet header length or if memory...

7.4CVSS5.4AI score0.00235EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:55 p.m.13 views

CVE-2026-46322

A flaw was found in the Linux kernel's tun driver. This vulnerability occurs when the buildskb function fails within tunxdpone, leading to a failure to free an allocated memory page. Each such failure results in a memory leak, where a 'page-frag chunk' is not released. Over time, repeated...

7.1CVSS5.4AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:52 p.m.9 views

CVE-2026-46332

A flaw was found in the Linux kernel's Greybus subsystem, specifically in the gb-beagleplay driver. The cc1352bootloaderrx function, responsible for receiving bootloader data, does not properly check the size of incoming data chunks before copying them into a fixed-size receive buffer. This...

8CVSS5.5AI score0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:51 p.m.9 views

CVE-2026-46327

A flaw was found in the Linux kernel's device mapper dm component. The dmblkreportzones function performs a check for the device's suspended state without proper locking. This allows the device to enter a suspended state immediately after the check, leading to an inconsistent state. This...

7.8CVSS5.4AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:51 p.m.9 views

CVE-2026-46326

A flaw was found in the Linux kernel, specifically within the iio: pressure: mprls0025pa driver. This vulnerability is due to improper initialization of the spitransfer structure, which is not consistently zeroed out before use. This could allow an attacker to potentially read sensitive informati...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:45 p.m.8 views

CVE-2026-46328

A flaw was found in the Linux kernel's AppArmor security module. The system's rlimit resource limit for POSIX Portable Operating System Interface CPU timers was not correctly enforced. This issue, stemming from an overlooked step in applying resource limits, could allow a local attacker to bypass...

7.3CVSS5.4AI score0.00114EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:45 p.m.13 views

CVE-2026-46330

A flaw was found in the Linux kernel's TCP User-Level Protocol ULP support for SMC. This vulnerability arises when an active TCP socket is converted into an SMC socket, as the implementation attempts to modify core Virtual File System VFS structures in-place. This action violates fundamental VFS...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:45 p.m.10 views

CVE-2026-52906

A flaw was found in the Linux kernel's 9p filesystem. When mounting, access mode flags were incorrectly combined instead of being replaced, leading to an invalid configuration. This issue causes root users to be unable to perform privileged operations like changing file ownership, effectively...

7.7CVSS5.4AI score0.00121EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:38 p.m.8 views

CVE-2026-52907

A flaw was found in the Linux kernel, specifically within the media: rockchip: rkcif component. This vulnerability, an off-by-one error, could lead to out-of-bounds memory access. By incorrectly handling array comparisons, the system might attempt to read or write beyond the allocated memory...

7.8CVSS5.4AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:38 p.m.11 views

CVE-2026-46325

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA subsystem, specifically within the rxe component. This vulnerability arises from an incorrect conversion of I/O Virtual Addresses iova to Virtual Addresses va when Memory Regions MRs have page sizes that differ from the...

9.8CVSS5.6AI score0.00347EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:33 p.m.11 views

CVE-2026-52904

A flaw was found in the Linux kernel's drm/nouveau component. This issue arises during device initialization when a specific function fails to properly release allocated memory resources. This memory leak can be triggered by a local user, potentially leading to system instability or a Denial of...

5.4AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:33 p.m.10 views

CVE-2026-52905

A flaw was found in the Linux kernel's Data Access MONitor DAMON core. The damonstart function, when used via the DAMON sysfs interface, failed to properly validate the minregionsz parameter. This allowed non-power of two values, which could lead to unaligned DAMON region address ranges and...

5.5AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 4:28 p.m.9 views

CVE-2026-46329

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability occurs due to improper handling of I/O requests that extend beyond the end of a file-backed filesystem. An attacker could potentially exploit this to read uninitialized memory, leading to information disclosure. This issu...

5.5CVSS5.5AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.13 views

CVE-2026-11521

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

6.5CVSS5.1AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11519

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ProductInventory/api/usershandler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper...

6.5CVSS5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11520

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and...

5.1CVSS3.9AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-34194

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

7.1CVSS5.5AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11514

A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11513

A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...

6.5CVSS5.5AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11518

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely...

5.3CVSS3.8AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11512

A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patientid leads to cross site scripting. The attack can be initiated remotely. The exploit has been...

5.3CVSS3.8AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11511

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS5.3AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-11516

A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used...

5.5CVSS5.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.14 views

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11508

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-7765

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-25558

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

4.8CVSS5.5AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.9 views

CVE-2026-8078

Stored cross-site scripting in the global settings change log in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicious HTML or JavaScript in changelog messages that executes in other users' browsers when they view the...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11515

A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passswordreset.php of the component Password Reset Handler. Such manipulation of the argument newpassword with the input...

6.9CVSS5.1AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-11509

A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/searchstaffforupdation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote...

6.5CVSS5.5AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.9 views

CVE-2026-11507

A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/deleteleavetype.php. The manipulation of the argument leavetype results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

6.5CVSS5.4AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-11523

A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. Th...

9CVSS6.2AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.5AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-3011

The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. This is due to the 'WPZOOMHelpers::deserializeblockattributes' method converting unicode-encoded...

6.4CVSS5.7AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.10 views

CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS5.5AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-47430

Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...

9.5CVSS5.4AI score0.00723EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.15 views

CVE-2026-46656

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
Total number of security vulnerabilities206304