|
1481
|
6.5 |
MEDIUM
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is dir…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-33431
|
2026-04-25 04:19 |
2026-04-21 |
|
|
|
|
1482
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it throu…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35364
|
2026-04-25 04:19 |
2026-04-23 |
|
|
|
|
1483
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typicall…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35367
|
2026-04-25 04:19 |
2026-04-23 |
|
|
|
|
1484
|
7.8 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before drop…
|
CWE-426
Untrusted Search Path
|
CVE-2026-35368
|
2026-04-25 04:18 |
2026-04-23 |
|
|
|
|
1485
|
9.1 |
CRITICAL
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search …
|
CWE-287 NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-33432
|
2026-04-25 04:18 |
2026-04-21 |
|
|
|
|
1486
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to the stack, as
…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
|
|
|
|
1487
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to …
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
|
|
|
|
1488
|
4.3 |
MEDIUM
Network
|
wolfssh
|
wolfssh
|
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w…
|
CWE-126, CWE-125
Buffer Over-read; Out-of-bounds Read
|
CVE-2026-0930
|
2026-04-25 04:15 |
2026-04-21 |
|
|
|
|
1489
|
7.6 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…
|
CWE-287
Improper Authentication
|
CVE-2026-6729
|
2026-04-25 04:14 |
2026-04-21 |
|
|
|
|
1490
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
|
|
|