|
1881
|
7.6 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…
|
CWE-287
Improper Authentication
|
CVE-2026-6729
|
2026-04-25 04:14 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
ata: libata: cancelar trabajo pendiente después de limpiar deferred_qc
Syzbot informó un WARN_ON() en ata_scsi_deferred_qc_work(…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
6.5 |
MEDIUM
Network
|
nicolargo
|
glances
|
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cr…
|
CWE-200
CWE-306
CWE-942
Information Exposure
Missing Authentication for Critical Function
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-34839
|
2026-04-25 04:09 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quot…
|
CWE-20
Improper Input Validation
|
CVE-2026-35377
|
2026-04-25 04:06 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
Even though we check that we "should" be able to do lc_get_cumulative()
whil…
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
drbd: corrige el 'LOGIC BUG' en drbd_al_begin_io_nonblock()
Aunque verificamos que "deberíamos" poder hacer lc_get_cumulative() …
|
CWE-617
Reachable Assertion
|
CVE-2026-23356
|
2026-04-25 04:06 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: mcp251x: fix deadlock in error path of mcp251x_open
The mcp251x_open() function call free_irq() in its error path with the
m…
|
CWE-667
Improper Locking
|
CVE-2026-23357
|
2026-04-25 04:04 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
can: mcp251x: corregir interbloqueo en la ruta de error de mcp251x_open
La función mcp251x_open() llama a free_irq() en su ruta …
|
CWE-667
Improper Locking
|
CVE-2026-23357
|
2026-04-25 04:04 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
4.7 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-base…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35354
|
2026-04-25 04:04 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
