|
1301
|
7.8 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before drop…
|
CWE-426
Untrusted Search Path
|
CVE-2026-35368
|
2026-04-25 04:18 |
2026-04-23 |
|
|
|
|
1302
|
9.1 |
CRITICAL
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search …
|
CWE-287 NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-33432
|
2026-04-25 04:18 |
2026-04-21 |
|
|
|
|
1303
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to the stack, as
…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
|
|
|
|
1304
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is of no use if the result is spilled to …
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
|
|
|
|
1305
|
4.3 |
MEDIUM
Network
|
wolfssh
|
wolfssh
|
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w…
|
CWE-126 CWE-125
Buffer Over-read; Out-of-bounds Read
|
CVE-2026-0930
|
2026-04-25 04:15 |
2026-04-21 |
|
|
|
|
1306
|
7.6 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp…
|
CWE-287
Improper Authentication
|
CVE-2026-6729
|
2026-04-25 04:14 |
2026-04-21 |
|
|
|
|
1307
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
|
|
|
|
1308
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ata: libata: cancel pending work after clearing deferred_qc
Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(…
|
NVD-CWE-noinfo
|
CVE-2026-23355
|
2026-04-25 04:13 |
2026-03-25 |
|
|
|
|
1309
|
6.5 |
MEDIUM
Network
|
nicolargo
|
glances
|
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cr…
|
CWE-200 CWE-306 CWE-942
Information Exposure; Missing Authentication for Critical Function; Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-34839
|
2026-04-25 04:09 |
2026-04-21 |
|
|
|
|
1310
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S (split-string) option. In GNU env, backslashes within single quot…
|
CWE-20
Improper Input Validation
|
CVE-2026-35377
|
2026-04-25 04:06 |
2026-04-23 |
|
|
|