0.0

CVE-2026-5398 - Kernel use-after-free bug in the TIOCNOTTY handler

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the da…

πŸ“… Published: April 22, 2026, 2:23 a.m. πŸ”„ Last Modified: April 22, 2026, 2:23 a.m.

2.7

CVSS3.1

CVE-2026-6408 - Tanium addressed an information disclosure vulnerability in Tanium Server.

Tanium addressed an information disclosure vulnerability in Tanium Server.

πŸ“… Published: April 22, 2026, 1:46 a.m. πŸ”„ Last Modified: April 22, 2026, 1:46 a.m.

2.7

CVSS3.1

CVE-2026-6392 - Tanium addressed an information disclosure vulnerability in Threat Response.

Tanium addressed an information disclosure vulnerability in Threat Response.

πŸ“… Published: April 22, 2026, 1:46 a.m. πŸ”„ Last Modified: April 22, 2026, 1:46 a.m.

8.2

CVSS4.0

CVE-2026-41458 - OwnTone Server < 29.1 Race Condition DoS via DAAP Login

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent requ…

πŸ“… Published: April 22, 2026, 1:46 a.m. πŸ”„ Last Modified: April 22, 2026, 1:46 a.m.

2.7

CVSS3.1

CVE-2026-6416 - Tanium addressed an uncontrolled resource consumption vulnerability in Interact.

Tanium addressed an uncontrolled resource consumption vulnerability in Interact.

πŸ“… Published: April 22, 2026, 1:46 a.m. πŸ”„ Last Modified: April 22, 2026, 1:46 a.m.

6.9

CVSS4.0

CVE-2026-41457 - OwnTone Server < 29.1 SQL Injection via query and filter Parameters

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit i…

πŸ“… Published: April 22, 2026, 1:46 a.m. πŸ”„ Last Modified: April 22, 2026, 1:46 a.m.

8.7

CVSS4.0

CVE-2026-41146 - facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop wi…

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user space and pegs one CPU core at ~100% instead of retu…

πŸ“… Published: April 22, 2026, 1:07 a.m. πŸ”„ Last Modified: April 22, 2026, 1:07 a.m.

8.8

CVSS4.0

CVE-2026-41145 - MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-…

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows a valid access key to write arbitrary obj…

πŸ“… Published: April 22, 2026, 12:54 a.m. πŸ”„ Last Modified: April 22, 2026, 12:54 a.m.

8.8

CVSS4.0

CVE-2026-40344 - MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Up…

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who knows a valid access key to write ar…

πŸ“… Published: April 22, 2026, 12:49 a.m. πŸ”„ Last Modified: April 22, 2026, 12:49 a.m.

0

CVSS3.1

CVE-2026-41144 - FΒ΄ (F Prime) has Integer Overflow in FileUplink

FΒ΄ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with byteOffset=0xFF…

πŸ“… Published: April 21, 2026, 11:58 p.m. πŸ”„ Last Modified: April 21, 2026, 11:58 p.m.
Total resulsts: 345713
Page 2 of 34,572
Β« previous page Β» next page
Filters