Lucene search
+L

2100 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.14 views

Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41491

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...

8.1CVSS5.3AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS5.4AI score0.00286EPSS
Exploits1References1
CVE
CVE
added 2026/06/04 10:39 p.m.60 views

CVE-2023-5502

CVE-2023-5502 affects Arista EOS platforms where 802.1x is configured on access/trunk ports and IP routing is enabled on the access VLAN; a malicious supplicant may bypass 802.1x authentication. Arista’s advisory 0096 documents affected EOS releases (e.g., 4.31.x, 4.30.x, 4.29.x, 4.28.x, 4.27.x, ...

8.2CVSS5.8AI score0.00317EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/01 10:29 a.m.12 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom PATCH endpoint PATCH /api/v2/xcomEntries/key that allows an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that...

8.8CVSS5.6AI score0.0055EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/01 9:16 a.m.11 views

PYSEC-0000-CVE-2026-42359

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

8.8CVSS5.8AI score0.0055EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.14 views

PYSEC-2026-185

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

8.8CVSS5.8AI score0.00592EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/01 7:49 a.m.20 views

EUVD-2026-33588

A bug in Apache Airflow's XCom PATCH endpoint PATCH /api/v2/xcomEntries/key allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names e.g. returnvalue that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

8.8CVSS5.8AI score0.00592EPSS
Exploits0References3
MariaDBUnix
MariaDBUnix
added 2026/05/30 1:59 a.m.11 views

CVE-2026-48165

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00967EPSS
Exploits0
EUVD
EUVD
added 2026/05/28 9:35 a.m.11 views

EUVD-2026-32766

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

5.9AI score0.00122EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.31 views

CVE-2026-46139 smb: client: use kzalloc to zero-initialize security descriptor buffer

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 9:35 a.m.2 views

CVE-2026-46139 smb: client: use kzalloc to zero-initialize security descriptor buffer

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.27 views

PT-2026-44262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the SMB client, the build sec desc function uses a buffer allocated with kmalloc, which does not zero-initialize the memory. Due to a change in the struct smb acl where the num aces...

9.8CVSS6.2AI score0.03663EPSS
Exploits18References281
CVE
CVE
added 2026/05/27 3:30 p.m.43 views

CVE-2022-41656

CVE-2022-41656 describes a Missing Authorization vulnerability in the WordPress plugin Account Manager for WooCommerce . Affected versions are up to 2.1.2 (per CVE notices) with a broken access control that allows exploiting incorrectly configured access levels. The core issue is missing authoriz...

4.3CVSS5.8AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 12:24 p.m.43 views

CVE-2025-71311 fs/ntfs3: Initialize new folios before use

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocated without being marked uptodate and nireadframe is skipped because th...

0.00155EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPUVARESERVEDTRAPSIZE to 64KB Currently, AMDGPUVARESERVEDTRAPSIZE is hardcoded to 8KB, while KFDCWSRTBATMASIZE is defined as 2 PAGESIZE. On systems with 4K pages, both values match 8KB, so allocation and...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: mm,hugetlb: Take the hugetlblock before decrementing h-resvhugepages. The h-hugepages counters are protected by the hugetlblock, but allochugepage has a corner-case scenario where it can decrement the counter outside of the lock...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – Requesting a reserved interrupt for the virtual function The device interrupt vector 3 is an error interrupt for physical functions, and it is also a reserved interrupt for virtual functions. However, the...

5.7AI score0.00182EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: riscv: fixed the reserved memory setup Currently, RISC-V sets up reserved memory using the “early” copy of the device tree. As a result, when trying to access a reserved memory region using ofreservedmemlookup, the pointer to the...

7.1CVSS6.2AI score0.00171EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: EFI: In runtime mode, a potential overflow of the size of the soft-reserved region has been fixed. If there are pages worth ≥ 4GB in a soft-reserved region, the value of mdsize will be reduced...

6CVSS6.2AI score0.00226EPSS
Exploits0References2
Rows per page
Query Builder