Lucene search
K

121070 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

RHEL 9 : vim (RHSA-2026:28049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28049 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.3AI score0.00552EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1838)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1838 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.3 views

Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
Debian
Debian
added 2026/06/21 5:26 p.m.6 views

[SECURITY] [DSA 6359-1] gst-plugins-good1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...

8.8CVSS6.2AI score0.00828EPSS
Exploits0
Snyk
Snyk
added 2026/06/21 5:11 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the storeAtts function. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers the...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

7.3CVSS6.2AI score0.00098EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:11 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the resolveSystemId function. An attacker can cause unexpected behavior or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow during processing...

7.5CVSS6.2AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:9 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the endDoctypeDecl process when handling NOTATION declarations. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted XML input. Remediation A fix...

7.5CVSS6.2AI score0.0011EPSS
Exploits0References2
Debian
Debian
added 2026/06/21 2:0 p.m.6 views

[SECURITY] [DSA 6356-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 21, 2026 https://www.debian.org/security/faq -...

7.5CVSS6.3AI score0.00353EPSS
Exploits0
CVE
CVE
added 2026/06/21 1:26 p.m.15 views

CVE-2025-71348

CVE-2025-71348 affects the picklescan utility (pre-0.0.28) where malicious pickle payloads can invoke torch.utils._config_module.load_config during unpickling, bypassing detection and enabling remote code execution in supply-chain contexts. Documents describe a bypass in reduce methods that allow...

8.1CVSS6.7AI score0.00397EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.30 views

CVE-2025-71348 picklescan - Arbitrary Code Execution via torch.utils._config_module.load_config Bypass

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

8.1CVSS0.00397EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.6 views

Debian dsa-6356 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6356 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/securit...

7.5CVSS6.5AI score0.00353EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.12 views

Debian dsa-6358 : libhttp-daemon-perl - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6358 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/...

9.1CVSS6.2AI score0.01231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.10 views

kernel: rxrpc: Fix RxGK token loading to check bounds

A flaw was found in the Linux kernel's rxrpc subsystem. An unprivileged local user could exploit an integer overflow vulnerability in the rxrpcpreparsexdryfsrxgk function. This flaw occurs when processing specially crafted key and ticket lengths, causing an incorrect memory allocation size...

7.8CVSS7.8AI score0.00143EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Deserialization of Untrusted Data

Overview stanza is an A Python NLP Library for Many Human Languages, by the Stanford NLP Group Affected versions of this package are vulnerable to Deserialization of Untrusted Data while loading the lemma classifier due to unsafe fallback to torch.load..., weightsonly=False when the safe load...

7.7CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the CRI checkpoint import. An attacker can cause arbitrary code execution by crafting a checkpoint image that forces the system to pull a malicious image and assign it an arbitrary local...

9.9CVSS6.5AI score0.00354EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/19 5:14 p.m.8 views

kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/19 4:39 p.m.7 views

kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 3:16 p.m.11 views

CVE-2016-20090

Comodo Dragon Browser versions up to 52.15.25.663 contain a privilege escalation vulnerability in the DragonUpdater service due to an unquoted service path running with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevat...

8.5CVSS0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/19 2:16 p.m.8 views

EUVD-2016-10906

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
Rows per page
Query Builder