Lucene search
+L

96 matches found

OSV
OSV
added 2026/07/01 12:0 a.m.4 views

OPENSUSE-SU-2026:11166-1 c3p0-0.14.1-1.1 on GA media

These are all security issues fixed in the c3p0-0.14.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.12 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.5AI score0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 7:16 p.m.12 views

CVE-2026-4944

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

8.8CVSS0.00747EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:4 p.m.10 views

CVE-2026-4944 Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

8.8CVSS7.9AI score0.00747EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/11 9:31 p.m.16 views

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/11 9:31 p.m.18 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/11 6:0 p.m.8 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 3:59 a.m.13 views

EUVD-2026-28896

pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package metadata e.g. the summary field into the generated spec file without escaping RPM macro directives. When a packager then runs rpmbuild, those directives get evaluated, s...

7.8CVSS6AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

pyp2spec 输入验证错误漏洞

pyp2spec is a Python tool for generating Fedora RPM specification files from the individual developer Karolina Surma. An input validation error vulnerability exists in pyp2spec versions prior to 0.14.1, which stems from the failure to escape RPM macro commands when generating a spec file, which...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/04 8:14 p.m.16 views

Arbitrary Code Injection

Overview pyp2spec is a Generate a valid Fedora specfile from Python package from PyPI Affected versions of this package are vulnerable to Arbitrary Code Injection in the process of writing package metadata into the generated spec file without escaping RPM macro directives. An attacker can execute...

8.5CVSS6.1AI score0.00197EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Fedora 45 : pyp2spec (2026-9ba2d85db0)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9ba2d85db0 advisory. Automatic update for pyp2spec-0.14.1-1.fc45. Changelog Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves: rhbz2460051 -...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

6.5CVSS5.8AI score0.00254EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS5.8AI score0.00436EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.9 views

SUSE CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 6:23 p.m.5 views

GO-2026-4500 Unauthenticated File Upload in Gogs in gogs.io/gogs

Unauthenticated File Upload in Gogs in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...

9.8CVSS5.5AI score0.00618EPSS
Exploits1References5
OSV
OSV
added 2026/02/23 6:23 p.m.6 views

GO-2026-4498 Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs

Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

8.8CVSS5.5AI score0.00436EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.4 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

6.5CVSS5.7AI score0.00254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.6 views

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

9.8CVSS5.8AI score0.00618EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2026-25229

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have a broken access control vulnerability which allows authenticated users with write access to any repository to modify labels belonging to other repositories. The UpdateLabel function in the Web UI...

6.5CVSS0.00254EPSS
Exploits1References2
NVD
NVD
added 2026/02/19 7:17 a.m.8 views

CVE-2026-25232

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...

8.8CVSS0.00436EPSS
Exploits1References4
Rows per page
Query Builder