Lucene search
K

256747 matches found

Wolfi
Wolfi
added yesterday3 views

GHSA-Q5H6-FCF5-49G9 vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Wolfi
Wolfi
added yesterday3 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Chainguard
Chainguard
added yesterday2 views

GHSA-Q5H6-FCF5-49G9 vulnerabilities

Vulnerabilities for packages: py3-nltk...

5.9AI score
Exploits0
Chainguard
Chainguard
added yesterday3 views

CVE-2021-42740 vulnerabilities

Vulnerabilities for packages: py3-captum...

9.8CVSS7.1AI score0.0434EPSS
Exploits0
Chainguard
Chainguard
added yesterday2 views

GHSA-MP2F-45PM-3CG9 vulnerabilities

Vulnerabilities for packages: py3-captum...

5.9AI score
Exploits0
Chainguard
Chainguard
added yesterday2 views

GHSA-P4GQ-832X-FM9V vulnerabilities

Vulnerabilities for packages: py3-nltk, apache-beam-python-3.12-sdk...

5.9AI score
Exploits0
NVD
NVD
added yesterday3 views

CVE-2026-60104

Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-request body belongs to the authenticated caller, allowing a low-privileged organization member to obtain another user's vault key and a victim-scoped access token by creating a Trusted Device Encryptio...

9.3CVSS
Exploits0References5
Cvelist
Cvelist
added yesterday7 views

CVE-2026-14361 Consul-template is vulnerable to path redirection in writeToFile through symlink attack

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS
Exploits0References1
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS5.9AI score
Exploits0
CVE
CVE
added yesterday49 views

CVE-2026-55760

Handlebars.java (Java) CVE-2026-55760 affects the library when user-controlled input is passed to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader. Prior to version 4.5.2, this allows path traversal and arbitrary file reads via template names derived from URL path paramete...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-42337

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-59725

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.15831EPSS
Exploits6References5
Circl
Circl
added yesterday4 views

CVE-2026-59253

creationtimestamp| type| source ---|---|--- 2026-07-08 16:12:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq5j5g5ct72l...

5.3CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-59895

Hono (server-side JS framework) contains a CS/XSS flaw in cx() within hono/css: class name construction concatenates strings and marks the result as pre-escaped, bypassing HTML escaping. This allows untrusted className values used in a JSX class attribute during server-side rendering to break out...

6.1CVSS6.1AI score
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday3 views

golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References8
CVE
CVE
added yesterday8 views

CVE-2026-59873

CVE-2026-59873 affects node-tar (Node.js) prior to v7.5.19. The issue arises because the library did not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction/parsing code (e.g., src/extract.ts), enabling a crafted gzip input to cause resource ex...

9.2CVSS5.9AI score
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-10698

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-42286

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS5.9AI score
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-15034

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS
Exploits0References9
Rows per page
Query Builder