Lucene search
K

369093 matches found

CVE
CVE
added last week16 views

CVE-2026-5138

Foreman vulnerability CVE-2026-5138 involves the taxonomy_scope controller failing to validate organization and location IDs in nested request parameters. An authenticated user with host-edit permissions can trigger cross-tenant information disclosure, leaking sensitive infrastructure metadata (s...

4.3CVSS5.8AI score0.00247EPSS
Exploits0References6
CVE
CVE
added last week11 views

CVE-2026-5135

CVE-2026-5135 concerns Foreman and describes a broken access control vulnerability where an authenticated user with host-edit permissions can retarget an existing lookup value override to a different host by modifying the match field via nested host attributes, effectively bypassing authorisation...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References6
CVE
CVE
added last week11 views

CVE-2026-5142

CVE-2026-5142 (Foreman) : A flaw allows authenticated users with the low-privilege permission view_keypairs to bypass taxonomy scoping and download private SSH keys from other organizations by querying key pair IDs. This results in cross-tenant data exposure in multi-tenant deployments. The initi...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References6
CVE
CVE
added last week33 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-49089

Kibana ( Elastic 8.x ) is affected by CVE-2026-49089 through an Authorization Bypass via a user-controlled key in AI Assistant conversations, allowing an authenticated user to access or modify another user’s AI Assistant conversation and potentially perform unauthorized data modifications. Affect...

Exploits0References1
CVE
CVE
added last week24 views

CVE-2026-6688

CVE-2026-6688 affects FatFs R0.16 and earlier . It is a downstream-caller vulnerability in FatFs long filename handling: with LFN enabled, fno.fname can be up to 255 characters , and callers copy it into short fixed buffers without bounds checks, causing a buffer overflow (CWE-120). CVSS v3.1: AV...

7.6CVSS5.8AI score0.0021EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week33 views

CVE-2026-6687

CVE-2026-6687 affects FatFs R0.16 and earlier. Root cause: f_getlabel() trusts exFAT label length (XDIR_NumLabel) beyond the spec maximums, causing a stack-based buffer overflow (CWE-121). Documented impact per CVSS: high for confidentiality, integrity, and availability. Exploitation status is no...

7.6CVSS5.8AI score0.00232EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week25 views

CVE-2026-6686

FatFs CVE-2026-6686 affects FatFs R0.16 and earlier. The issue is an uninitialized cluster exposure when f_lseek() extends a file beyond EOF without zero-filling newly allocated clusters, mapping to CWE-908 (Use of Uninitialized Resource). The root cause is not zero-filling or initializing cluste...

4.6CVSS5.8AI score0.00177EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week10 views

CVE-2026-23537

The CVE-2026-23537 issue affects the Feast Feature Server, specifically the vulnerable "/save-document" endpoint. An unauthenticated remote attacker can write arbitrary JSON files to the server filesystem, bypassing path restrictions and potentially overwriting vital configurations or startup scr...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References4
CVE
CVE
added last week35 views

CVE-2026-6685

FatFs CVE-2026-6685 affects FatFs R0.16 and earlier, where a stale dirty-cache skip can occur due to an unsigned-subtraction wrap in f_read() and f_write() during interleaved reads/writes on fragmented filesystems (fp->sect - sect < cc). The root cause is an integer underflow (CWE-191) in t...

6.1CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week13 views

CVE-2026-13602

The CVE-2026-13602 issue describes a session‑takeover chain affecting multiple payment integration plugins (Stripe, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, pretix-saferpay) and core features. A code path transports session parameters via URL b...

9.4CVSS6AI score0.00239EPSS
Exploits0References1
CVE
CVE
added last week23 views

CVE-2026-6684

CVE-2026-6684 affects FatFs prior to R0.16 when GPT scanning is used with FF_LBA64 = 1. The issue stems from an unbounded loop count derived from the GPT header field GPTH_PtNum, leading to extremely long or effectively infinite mount-time scans (CWE-835: Loop with Unreachable Exit Condition). Af...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week33 views

CVE-2026-6683

CVE-2026-6683 describes a divide-by-zero in FatFs exFAT sync for FatFs R0.16 and earlier. The bug arises when crafted metadata causes the expression n_fatent - 2 to be zero during write/sync, mapping to CWE-369 (Divide By Zero). The vulnerability is applicable to FatFs versions ending at R0.16 an...

4.6CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week65 views

CVE-2026-6682

CVE-2026-6682 affects FatFs in R0.16 and earlier, where in mount_volume() a multiply operation fasize *= fs->n_fats can overflow, causing an integer wrap. This overflow can lead to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. Impact described as CWE-190...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4Affected Software1
CVE
CVE
added last week15 views

CVE-2026-57692

WordPress PrivateContent plugin

9.8CVSS5.8AI score0.00292EPSS
Exploits0References1
CVE
CVE
added last week16 views

CVE-2026-53356

The CVE-2026-53356 entry concerns the Linux kernel DRM/I915 GEM code. The root cause is in sg_page() returning a struct page pointer instead of (void *) which mis-scales pread/pwrite for phys BO and can cause access to incorrect parts of a buffer when a non-zero offset is used. A fix was cherry-p...

5.8AI score0.00164EPSS
Exploits0References8
CVE
CVE
added last week14 views

CVE-2026-53355

The CVE concerns the Linux kernel’s RDS over IB teardown path. Affected component: RDS/IB setup code in the kernel, specifically the rds_ib_setup_qp() error unwind path. Root cause: when setup fails after allocating i_sends but before i_recvs, the sends_out path frees i_sends without clearing the...

5.8AI score0.00164EPSS
Exploits0References8
CVE
CVE
added last week14 views

CVE-2026-53354

The CVE-2026-53354 entry documents a Linux kernel arm64 TLBI errata mitigation affecting Arm CPUs. The vulnerability arises from a broadcast TLBI;DSB sequence that may complete before global observation of writes translated by an affected TLB entry, though TLB invalidation remains correct. Mitiga...

5.8AI score0.00182EPSS
Exploits0References9
CVE
CVE
added last week18 views

CVE-2026-53353

The CVE-2026-53353 entry concerns the Linux kernel HSR subsystem. A timing window exists where hsr->self_node can be absent because hsr_del_self_node() clears self_node in hsr_dellink() and dellink() may complete before unregister_netdevice_many(), leaving a race that can affect self-node chec...

5.8AI score0.00156EPSS
Exploits0References5
CVE
CVE
added last week17 views

CVE-2026-53352

Summary: CVE-2026-53352 affects the Linux kernel’s thread-stop handling. When a multi-threaded process receives a stop signal, do_signal_stop() sets JOBCTL_STOP_PENDING and JOBCTL_STOP_CONSUME on all threads and tracks group_stop_count. If one thread concurrently execs, zap_other_threads() kills ...

5.8AI score0.00164EPSS
Exploits0References8
Rows per page
Query Builder