Lucene search
K

370189 matches found

CVE
CVE
added 2026/07/01 1:32 p.m.24 views

CVE-2026-53335

The CVE-2026-53335 issue affects the Linux kernel component mm/damon/lru_sort. It arises when damon_lru_sort_enabled_store() allocates a damon_ctx object and does not handle a failed allocation; if ctx is NULL, code can reach damon_commit_ctx() and dereference the NULL pointer. The documented fix...

6.2AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 1:32 p.m.15 views

CVE-2026-53332

CVE-2026-53332 affects the Linux kernel’s slimbus driver (qcom-ngd-ctrl) where registering SSR/PDR callbacks and enabling interrupts can occur before the NGD device is fully initialized. If remoteproc starts in parallel with probing, or if a PDR lookup is registered while remoteproc is up, callba...

5.8AI score0.00168EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 1:32 p.m.14 views

CVE-2026-53333

The CVE-2026-53333 entry describes a Linux kernel vulnerability in mm/mincore where mincore_pte_range() could spuriously WARN and report nonresident pages on !CONFIG_SWAP kernels due to the !IS_ENABLED(CONFIG_SWAP) guard running before certain non-swap entries are checked. The fix moves the guard...

5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 1:32 p.m.16 views

CVE-2026-53331

The CVE-2026-53331 entry describes a Linux kernel slimbus issue in qcom-ngd-ctrl where tx_lock and slim_controller lock could be acquired in opposite orders, risking a deadlock during SSR/PDR down notification. The report explains that qcom_slim_ngd_down() → slim_report_absent() takes the slim_co...

5.8AI score0.00172EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 1:32 p.m.16 views

CVE-2026-53330

The CVE-2026-53330 entry documents a Linux kernel issue in drm/amd/display where an out-of-bounds read could occur in dp_get_eq_aux_rd_interval() when processing LTTPR repeaters. The aux_rd_interval array in struct dc_lttpr_caps was sized to MAX_REPEATER_CNT-1 (7), but an offset up to MAX_REPEATE...

5.8AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 1:32 p.m.17 views

CVE-2026-53328

The CVE-2026-53328 entry documents a resolved Linux kernel issue in sched_ext where a warning could fire when scx_cgroup_move_task() ran with a NULL cgrp_moving_from during certain CPU/cgroup migrations (enabled by systemd’s subtree_control changes). Root cause: scx_cgroup_can_attach() uses cgrou...

5.8AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 1:32 p.m.17 views

CVE-2026-53329

The CVE affects the Linux kernel’s drm/amd/display path, specifically dal_vector_reserve(). The allocation size is computed as capacity * vector->struct_size using uint32_t arithmetic, which can overflow and yield a smaller buffer, causing heap overflows on subsequent vector appends. The fix r...

6AI score0.00195EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 1:32 p.m.17 views

CVE-2026-53327

CVE-2026-53327 affects the Linux kernel, specifically the debugobjects path related to fill_pool() on RT-enabled kernels. The root cause is that fill_pool() may invoke rtlock_lock() while current::pi_blocked_on is set, which can trigger an assertion because a task should block on only one lock to...

5.8AI score0.00172EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 1:32 p.m.13 views

CVE-2026-53326

The CVE-2026-53326 issue affects the Linux kernel (debugobjects) on ARM64 PREEMPT_RT builds during early boot. The root cause was attempting to fill a pool within hardirq context before the scheduler is enabled, potentially causing a deadlock when a hard interrupt hits a lock-protected allocation...

5.8AI score0.00172EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 1:28 p.m.22 views

CVE-2026-5136

Summary : CVE-2026-5136 affects Foreman. A flaw in the Usergroup model allows an authenticated user with usergroup management permissions to attach arbitrary roles (including administrator) to a user group and then add themselves as a member, enabling full privilege escalation to administrator-le...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/01 1:18 p.m.16 views

CVE-2026-13603

CVE-2026-13603 affects the pretix-oppwa payment integration. The vulnerability arises from insecure handling of Oppwa’s API URL: the code concatenated resourcePath from the return URL to baseUrl without validation and without a trailing slash, enabling an attacker to redirect the API call to a di...

10CVSS5.8AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 12:26 p.m.20 views

CVE-2026-8387

CVE-2026-8387 : A vulnerability in allegroai/clearml up to version 1.16.5 permits relative path traversal when extracting ZIP archives via ZipFile.extractall() in StorageManager._extract_to_cache(). The missing path validation allows an attacker to write arbitrary files to the filesystem, with at...

2.4CVSS6.5AI score0.00357EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:16 p.m.17 views

CVE-2026-5120

BIOVIA Workbook (Release 2021–Release 2026) is affected by a Race Condition that could allow a user to access data from another user. According to the sources, the vulnerability impacts confidentiality and integrity (C/H) with HIGH impact, CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, base score...

8.1CVSS5.8AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 11:59 a.m.17 views

CVE-2026-53909

CVE-2026-53909 affects MCO where file upload validation relies solely on client-side checks, allowing an authorized low-priv attacker to upload arbitrary file types to the server. The vulnerability has been confirmed only in version 25.3.3.1, though other versions may also be affected. The docume...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:59 a.m.22 views

CVE-2026-53908

CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:58 a.m.19 views

CVE-2026-53907

MCO is vulnerable to a Stored Cross‑Site Scripting (XSS) flaw in the application logo upload feature. A user who can change the logo can upload a crafted SVG containing JavaScript that executes when the logo renders, enabling code execution in the origin context. The vulnerability is confirmed fo...

5.4CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:58 a.m.20 views

CVE-2026-53906

CVE-2026-53906 affects MCO’s file handling for data export and upload. The underlying issue is improper validation of the filename parameter, allowing path traversal and the potential to write files to arbitrary locations, along with indirect disclosure of absolute server paths via error messages...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:58 a.m.23 views

CVE-2026-53905

CVE-2026-53905 affects MCO, with confirmation in version 25.3.3.1. The issue is an insufficient authorization enforcement in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint, allowing an authenticated, low-privileged user to retrieve administrator access contr...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:58 a.m.22 views

CVE-2026-53904

CVE-2026-53904 affects MCO; vulnerability is an Account Denial of Service due to improper password-reset implementation. The description across sources states that every reset request invalidates the current password and any issued temporary passwords, with no limits on reset requests. An attacke...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 11:58 a.m.21 views

CVE-2026-53903

CVE-2026-53903 affects MCO via the insecure endpoint /customer/servlet/mco/webapi/trading-document/fetchPdfStatement. The underlying issue is an IDOR: the app does not properly validate that an authenticated user is authorized to access a requested document, allowing retrieval based on a user-sup...

8.1CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder