Lucene search
K

601864 matches found

IBM Security Bulletins
IBM Security Bulletins
added in 20 minutes1 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.20 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS0.00393EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added in 17 minutes1 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3.22 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added in 15 minutes0 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.28 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added in 11 minutes0 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.40 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS0.00489EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 1 hour ago5 views

tools-hacking

HackerAI Tools Collection Koleksi lengkap 85 tools hackin...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago5 views

Exploit for Path Traversal in Gogs

─── Ghostlink ─── 🏴 AMN SECURITY 🏴 مركز أبحاث...

8.8CVSS7.3AI score0.7654EPSS
Exploits16
EUVD
EUVD
added 3 hours ago6 views

EUVD-2026-42724

A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass web filtering and access downstream resources that should be unreachable. If an MX Series device is...

6.9CVSS6AI score
Exploits0References2
NVD
NVD
added 3 hours ago5 views

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added 3 hours ago3 views

Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values

Summary Tesla.Multipart.partheadersfordisposition/1 interpolates Content-Disposition parameter values field name, filename, and other opts verbatim into the part header line without encoding or escaping any special characters. An attacker who controls a filename, field name, or other disposition...

2.1CVSS6.1AI score0.00143EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 3 hours ago3 views

Tesla has decompression bomb on response body

Summary Any Tesla client pipeline that includes Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression eagerly decompresses HTTP response bodies with no size limit. A server under attacker control or reached via a redirect can return a tiny gzip-encoded payload that expands into...

8.2CVSS6AI score0.00329EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

Mistune: Potential DoS via quadratic-time parsing in parse_link_text

Summary Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. A relatively small input consisting of repeated characters causes significant parsing slowdown. Affected component mistune/inlineparser.py → parselinktext Description When parsing...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References6Affected Software1
CVE
CVE
added yesterday15 views

CVE-2026-54760

CVE-2026-54760: Langroid’s SQLChatAgent dangerous-function blocklist can be bypassed. Prior to version 0.65.1, the mitigation combines a raw-text regex (_DANGEROUS_SQL_PATTERNS) with a sqlglot-based SELECT-only allowlist. Attackers can defeat the regex using PostgreSQL forms such as quoted identi...

9.3CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added yesterday3 views

mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS

Summary Mint's HTTP/2 client accepts PUSHPROMISE frames from any server it connects to and inserts every promised stream into a per-connection map without consulting maxconcurrentstreams. A malicious or compromised HTTP/2 server can flood the client with PUSHPROMISE frames and withhold the matchi...

8.2CVSS6AI score0.00384EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)

Summary Mint's HTTP/2 client accumulates CONTINUATION header-block fragments into a per-connection buffer with no cap on size or frame count. A malicious or compromised HTTP/2 server can drive the client's memory to arbitrary size by streaming an endless chain of CONTINUATION frames after a HEADE...

8.2CVSS6.2AI score0.00384EPSS
Exploits0References6Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-33655

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...

7.7CVSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in validator-string (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41a95b09ecd097cf7db1496950d26195169adb7ad2d8065a3458771389094be4 Package name validator-string impersonates the widely-used npm package validator and copies its README, homepage, and API surface. package.json...

6.4AI score
Exploits0References1
Rows per page
Query Builder