Lucene search
+L

12968 matches found

OSV
OSV
added 2026/07/06 9:15 p.m.4 views

CVE-2026-59710 showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

5.3CVSS5.9AI score0.00198EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 8:42 p.m.9 views

GHSA-Q9P7-WQXG-MRHC Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...

10CVSS6.3AI score0.00912EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:42 p.m.6 views

Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...

10CVSS6.3AI score0.00912EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:33 p.m.37 views

CVE-2026-14471 Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS0.00325EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-59089

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS0.00208EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/06 2:31 p.m.11 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56029

Name of the Vulnerable Software and Affected Versions showdown affected versions not specified Description A stored cross-site scripting issue exists in the parseHeaders function within src/subParsers/makehtml/tables.js. The software fails to properly escape table header ID attributes, allowing...

6.1CVSS5.9AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56031

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A race condition in the cart checkout flow allows an authenticated client to apply a promo code more times than its configured maximum limit. By sending concurrent checkout requests before the...

6.9CVSS6AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.15 views

PT-2026-56063

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.2 Description A sandbox escape exists in the TableChatAgent and VectorStore capabilities that allows unauthenticated remote code execution RCE on the host system. The issue occurs when agents evaluate...

10CVSS6.5AI score0.00912EPSS
Exploits0References16
OSV
OSV
added 2026/07/05 4:19 p.m.4 views

UBUNTU-CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

7.8CVSS6AI score0.00153EPSS
Exploits1References10
EUVD
EUVD
added 2026/07/05 3:15 p.m.10 views

EUVD-2026-41769

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7
CVE
CVE
added 2026/07/05 3:15 p.m.26 views

CVE-2026-14759

radare2 (radareorg) up to version 6.1.6 is affected by CVE-2026-14759 in the RBinJava Line Number Table Parser. The vulnerability is located in function r_bin_java_inner_classes_attr_calc_size (file shlr/java/class.c) and leads to a heap-based buffer overflow when a manipulation is performed. The...

7.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55809

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description A heap-based buffer overflow occurs in the RBinJava Line Number Table Parser component within the r bin java inner classes attr calc size function located in the shlr/java/class.c file. Thi...

7.8CVSS6.1AI score0.00153EPSS
Exploits1References11
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 8:44 p.m.5 views

GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)

Summary Logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled. Impact Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...

6.2CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 7:56 p.m.36 views

CVE-2026-58466 AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user()

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser in the database user module when the users table is empt...

9.8CVSS0.00505EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 10:16 a.m.9 views

CVE-2026-9834

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.36 views

CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS0.01588EPSS
Exploits0References8
Rows per page
Query Builder