Lucene search
K

28 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 9:22 p.m.20 views

ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env

Impact A Remote Code Execution RCE vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that directory, it can lead to arbitrary code execution and potential system takeover. The vulnerability CWE-426: Untrusted Search Path & CWE-15...

6.4AI score0.00557EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/29 9:22 p.m.3 views

Untrusted Search Path

Overview ouroboros-ai is a Specification-first workflow engine for AI coding agents. Works with Claude Code and Codex CLI. Affected versions of this package are vulnerable to Untrusted Search Path in the process of loading environment variables from the local .env file in the project directory. A...

8.8CVSS6.2AI score0.00557EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/21 6:59 p.m.6 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

6.1CVSS5.9AI score0.00112EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/21 6:59 p.m.20 views

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

6.1CVSS5.9AI score0.00112EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/21 6:59 p.m.14 views

Memory Allocation with Excessive Size Value

Overview golang.org/x/image/webp is a Package webp implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...

8.2CVSS5.5AI score0.0034EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.5 views

SUSE CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.5CVSS5.7AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 2:20 a.m.2 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Authorization header when following cross-origin HTTP redirects. An attacker can obtain sensitive authentication credentials by redirecting a client to an attacker-controlled host. Remediatio...

9.1CVSS5.9AI score0.00262EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 1:16 a.m.3 views

CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS0.00262EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 1:16 a.m.8 views

UBUNTU-CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.7AI score0.00262EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/27 12:46 a.m.5 views

CVE-2026-33745 cpp-httplib Client Leaks Authentication Credentials to Untrusted Hosts on Cross-Origin HTTP Redirect

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.7AI score0.00262EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 12:46 a.m.4 views

EUVD-2026-16515

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.6AI score0.00262EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:46 a.m.5 views

CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.6AI score0.00262EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 12:46 a.m.5 views

CVE-2026-33745

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects 301/302/307/308. A malicious or...

7.4CVSS5.5AI score0.00262EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

cpp-httplib 信息泄露漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.39.0 contained an information leakage vulnerability. This vulnerability stemmed from the HTTP client forwarding stored credentials when following...

7.4CVSS5.8AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2026/03/24 12:16 a.m.5 views

CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended backend paths e.g.,...

7.5CVSS0.00565EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/02/10 3:32 p.m.5 views

Important: Red Hat Security Advisory: DevWorkspace Operator 0.39.0 release.

DevWorkspace Operator 0.39.0 has been released. The DevWorkspace Operator extends OpenShift to provide DevWorkspace support...

7.5CVSS6.6AI score0.00591EPSS
Exploits3References4
GithubExploit
GithubExploit
added 2025/12/25 8:21 a.m.228 views

Exploit for CVE-2025-59532

CVE-2025-59532 Docker Environment A Docker-based research env...

8.6CVSS7AI score0.00815EPSS
Exploits1
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2025/12/17 7:23 p.m.4 views

Credential caching in Headlamp with Helm enabled

Original tracking issue: https://github.com/kubernetes-sigs/headlamp/issues/4282 CVSS Rating: High 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Description of vulnerability A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse...

8.8CVSS5.7AI score
Exploits2
RedhatCVE
RedhatCVE
added 2025/09/24 8:30 p.m.11 views

CVE-2025-59532

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

8.6CVSS7.1AI score0.00815EPSS
Exploits1References1
NVD
NVD
added 2025/09/22 9:16 p.m.19 views

CVE-2025-59532

Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...

8.6CVSS0.00815EPSS
Exploits1References3
Rows per page
Query Builder