Lucene search
K

120967 matches found

OSV
OSV
added 2026/06/08 7:36 p.m.7 views

USN-8408-1 php-twig vulnerability

It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute arbitrary code...

9.9CVSS5.8AI score0.00738EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/08 6:39 p.m.8 views

libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob

A flaw was found in libyang, a YANG data modeling language library. An integer overflow in the lybreadstring function can lead to a heap buffer overflow when parsing a maliciously crafted LYB binary blob. A remote attacker, by supplying this malicious LYB data to any libyang consumer such as a...

7.5CVSS6.4AI score0.00428EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/08 6:39 p.m.11 views

Important: Red Hat Security Advisory: libyang security update

An update for libyang is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS6.2AI score0.00428EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/08 6:21 p.m.21 views

actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

4.8CVSS6AI score0.00126EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/08 5:28 p.m.13 views

USN-8407-1 strongswan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.6AI score
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/08 5:28 p.m.13 views

USN-8407-1: strongSwan vulnerability

Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/08 4:50 p.m.9 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 1:54 p.m.10 views

JLSEC-2026-607

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:54 p.m.7 views

JLSEC-2026-601

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

8.8CVSS6AI score0.00668EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/08 12:43 p.m.9 views

USN-8399-1: Pillow vulnerabilities

It was discovered that Pillow incorrectly handled large glyph advance values in fonts. An attacker could possibly use this issue to cause Pillow to crash, resulting in a denial of service. CVE-2026-42308 It was discovered that Pillow incorrectly handled nested coordinate lists in certain APIs. An...

8.6CVSS7.6AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/06/08 12:20 p.m.6 views

USN-8397-1 jpeg-xl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

7.3CVSS5.8AI score0.00367EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/08 12:20 p.m.11 views

USN-8397-1: libjxl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

7.3CVSS5.8AI score0.00367EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/08 3:27 a.m.23 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/08 1:52 a.m.20 views

Important: Red Hat Security Advisory: cockpit-image-builder security update

An update for cockpit-image-builder is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.01735EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

AgentCore CLI 代码注入漏洞

AgentCore CLI is an open-source AI agent development and deployment command-line tool developed by Amazon Web Services. Versions of AgentCore CLI prior to 0.14.2 contained a code injection vulnerability. This vulnerability stemmed from improper use of triple quotes in Python code generation. It...

9CVSS6.3AI score0.0034EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47593

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

7.3CVSS5.8AI score0.00367EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

TencentOS Server 4: hplip (TSSA-2026:0404)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0404 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

TencentOS Server 4: perl-IO-Compress (TSSA-2026:0426)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0426 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS6.1AI score0.00292EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.6 views

MiracleLinux 8 : httpd:2.4 (AXSA:2026-762:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-762:01 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

9.8CVSS7.3AI score0.04409EPSS
Exploits1References7
Rows per page
Query Builder