Lucene search
K
VulnrichmentRecent

162127 matches found

Vulnrichment
Vulnrichment
added 2026/06/18 9:8 p.m.5 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS6AI score0.00177EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 9:1 p.m.7 views

CVE-2026-49257 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...

10CVSS5.8AI score0.00498EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 8:52 p.m.4 views

CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.7AI score0.00135EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 8:47 p.m.5 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS5.9AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 8:31 p.m.3 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.9AI score0.00263EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/18 8:20 p.m.4 views

CVE-2026-44663 OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

6.1CVSS5.7AI score0.00199EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/18 8:18 p.m.16 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS6AI score0.00267EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 8:1 p.m.4 views

CVE-2026-49252 deepstream is vulnerable to prototype pollution

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any...

9.9CVSS5.7AI score0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:54 p.m.5 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS5.9AI score0.00382EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:44 p.m.4 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS6AI score0.0045EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:39 p.m.5 views

CVE-2026-25865 Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.6AI score0.00149EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 7:33 p.m.9 views

CVE-2026-43915 Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS4.8AI score0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:29 p.m.5 views

CVE-2026-56099 OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

6.9CVSS5.9AI score0.00423EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/06/18 7:26 p.m.10 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS5.2AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:7 p.m.7 views

CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS5.7AI score0.00084EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 7:1 p.m.5 views

CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS5.8AI score0.00088EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 6:55 p.m.5 views

CVE-2026-48981 pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pamusb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references XXE, potentially making outbound network connections or...

6.7CVSS5.8AI score0.00115EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 6:46 p.m.6 views

CVE-2026-48716 nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes th...

8.7CVSS5.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 6:39 p.m.9 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

9.8CVSS5.2AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 6:37 p.m.10 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS5.3AI score0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 6:30 p.m.13 views

CVE-2026-12390 Access of resource using incompatible type ('type confusion') in AzeoTech DAQFactory

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.5AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 6:30 p.m.11 views

CVE-2026-47833

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS5.5AI score0.00125EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 6:1 p.m.12 views

CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.4AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 6:0 p.m.11 views

CVE-2026-55392 NILFS utilities - Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.3AI score0.00105EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:53 p.m.11 views

CVE-2026-9692 Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3AI score0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 5:33 p.m.9 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS6.2AI score0.00333EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/18 5:30 p.m.9 views

CVE-2026-48985 pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal can cause a NULL dereference crash when parsing loginctl output. The function calls popen and reads the result; if the Remote field is only a newline, fgets succeeds...

5.5CVSS5.3AI score0.00113EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:20 p.m.7 views

CVE-2026-48986 pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication

pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...

4.7CVSS5.7AI score0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:6 p.m.9 views

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS5.5AI score0.00109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:25 p.m.8 views

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/18 4:22 p.m.9 views

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

5.1CVSS4.8AI score0.00299EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:21 p.m.12 views

CVE-2026-55237 AutoGPT SignUp Page has DOM-Based XSS and Open Redirect

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS5.5AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:21 p.m.12 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:20 p.m.8 views

CVE-2025-32437 AutoGPT has a DoS vulnerability in MediaDurationBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:18 p.m.4 views

CVE-2025-32436 AutoGPT has a DoS vulnerability in AddAudioToVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:14 p.m.8 views

CVE-2025-32424 AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:13 p.m.3 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.9AI score0.00289EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:13 p.m.3 views

CVE-2026-54105 U.S. GAO EPDS and CBCA EDS user information disclosure

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

6.9CVSS6AI score0.003EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.5 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS5.9AI score0.004EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.8 views

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.5 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS6AI score0.00427EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.4 views

CVE-2026-56020 Webmin HTTP header authentication bypass

The Webmin HTTP server miniserv.pl allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641...

9.2CVSS6AI score0.00285EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:11 p.m.3 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.9AI score0.0028EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:11 p.m.3 views

CVE-2026-56022 Webmin MFA bypass

Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:8 p.m.8 views

CVE-2025-32392 AutoGPT has a DoS vulnerability in LoopVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it t...

8.7CVSS5.3AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:5 p.m.10 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:5 p.m.3 views

CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9CVSS6.1AI score0.00321EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 3:49 p.m.10 views

CVE-2026-55205 Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...

6.9CVSS5.3AI score0.00301EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/18 3:27 p.m.10 views

CVE-2026-56024 WordPress WP EasyPay plugin <= 4.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:44 p.m.11 views

CVE-2026-11791 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References2
Total number of security vulnerabilities162127