Lucene search
K

731 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41724

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/06/25 9:16 p.m.7 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

7.5CVSS0.00446EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52580

Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A reachable unwrap in the assert fail function located in /assert/mod.rs allows attackers to cause a Denial of Service DoS by providing a crafted string. An unwrap is a operation that attempts...

5.8AI score0.00446EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.5 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

5.9AI score0.00446EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 12:0 a.m.8 views

CVE-2026-38640

CVE-2026-38640 affects relibc. A reachable unwrap in the __assert_fail function (/assert/mod.rs) from commit 61f42d may cause a Denial of Service via a crafted string. The vulnerability is evidenced in multiple sources (NVD record, cve lists, and third-party reports) with CVSS:3.1/AV:N/AC:L/PR:N/...

7.5CVSS5.9AI score0.00446EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcardunpackreadsizealign libfreerdp/utils/smartcardpack.c:1703 allowed a malicious RDP server to crash the FreeRDP client through a reachable WINPRASSERT → abort mechanism. This...

6.5CVSS5.8AI score0.00256EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/23 10:55 a.m.4 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 10:47 a.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 10:18 p.m.32 views

CVE-2026-41523

vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...

7.5CVSS6.5AI score0.00463EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 2:50 p.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:8 a.m.9 views

Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/19 8:8 a.m.8 views

MAL-2026-6200 Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50140

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description An assert-based security check in the activation function loading process allows an unauthenticated attacker to achieve arbitrary code execution on the server. This occurs when vLLM is run in Python...

7.5CVSS7.4AI score0.00463EPSS
Exploits1References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.6 views

Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 11:33 p.m.7 views

MAL-2026-5843 Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 44c476c94a62f5a3949ef8e6173aae3a6fa9b4411d7b157d06ea96835fbf258c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 4:36 p.m.12 views

tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...

8.2CVSS5.6AI score0.00496EPSS
Exploits1References3Affected Software1
Redos
Redos
added 2026/06/15 12:0 a.m.5 views

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
NVD
NVD
added 2026/06/01 5:16 p.m.13 views

CVE-2026-37227

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

7.5CVSS0.00415EPSS
Exploits0References2
Rows per page
Query Builder