Lucene search
+L

121 matches found

NVD
NVD
added 2026/04/04 12:16 a.m.7 views

CVE-2026-34778

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

6.5CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 11:59 p.m.29 views

CVE-2026-34778

Electron: Service worker spoof IPC replies flaw allows a session service worker to spoof internal IPC replies used by webContents.executeJavaScript, causing the main-process promise to resolve with attacker-controlled data. Affected only if service workers are registered and the result of execute...

6.5CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/03 2:44 a.m.2 views

Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/30 11:13 p.m.5 views

CVE-2026-33984

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS6.1AI score0.00398EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/17 8:5 p.m.12 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.5AI score0.98191EPSS
Exploits22References12Affected Software1
Debian CVE
Debian CVE
added 2026/03/10 4:16 p.m.6 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.7AI score0.00364EPSS
Exploits1
NVD
NVD
added 2026/03/10 7:43 a.m.7 views

CVE-2026-28690

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data...

6.9CVSS0.00096EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 9:39 p.m.47 views

CVE-2026-28690

ImageMagick contains a stack write buffer overflow in the MNG encoder, affecting versions prior to 7.1.2-16 and 6.9.13-41 due to missing bounds checks that can allow attacker‑controlled data to corrupt the stack. The vulnerability has a CVSS 3.1 base score of 6.9 (MEDIUM) with LOCAL attack vector...

6.9CVSS6.1AI score0.00096EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/02/18 9:23 a.m.8 views

Denial Of Service (DoS)

ajv is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to passing attacker-controlled values from $data references directly into the JavaScript RegExp constructor without validation. This allowing malicious regex patterns that trigger catastrophic backtracking a...

7.5CVSS5.6AI score0.00492EPSS
Exploits1References38Affected Software1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

Manga/Image Translator 代码问题漏洞

Manga/Image Translator is a text-to-image translation tool developed by zyddnys’ individual developers. Beta versions of Manga/Image Translator, such as 0.3 and earlier, had code vulnerabilities. These vulnerabilities stemmed from the use of pickle.loads to deserialize request bodies controlled b...

9.3CVSS6.2AI score0.00923EPSS
Exploits1References6
CVE
CVE
added 2026/01/20 1:1 a.m.153 views

CVE-2026-23876

CVE-2026-23876 – ImageMagick heap buffer overflow (ReadXBMImage) Affected software: ImageMagick versions prior to 7.1.2-13 and 6.9.13-38.Root cause: heap buffer overflow in the XBM image decoder during processing of crafted images.Impact: attacker can write data past the allocated heap buffer, po...

9.8CVSS5.9AI score0.00609EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2025/12/23 11:4 p.m.5 views

Deserialization of Untrusted Data

Overview langchain-core is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the dumps and dumpd functions when user-controlled data containing the lc key is serialized and later deserialized. This key...

9.3CVSS8.2AI score0.1383EPSS
Exploits5References2
Veracode
Veracode
added 2025/11/09 8:59 a.m.9 views

OS Command Injection

@react-native-community/cli is vulnerable to OS Command Injection. The vulnerability is due to an exposed endpoint that accepts attacker-controlled POST data and passes it to system execution paths without proper sanitization, which allows an unauthenticated network attacker to run arbitrary...

9.8CVSS7.6AI score0.62378EPSS
Exploits5References13Affected Software2
EUVD
EUVD
added 2025/10/30 12:31 a.m.7 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.2AI score0.00443EPSS
Exploits0References5
NVD
NVD
added 2025/10/29 11:16 p.m.7 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS0.00443EPSS
Exploits0References5
OSV
OSV
added 2025/10/29 11:16 p.m.5 views

UBUNTU-CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.9AI score0.00443EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/29 10:10 p.m.12 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

0.00443EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/29 10:10 p.m.5 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

6.3AI score0.00443EPSS
Exploits0References4
CVE
CVE
added 2025/10/29 10:10 p.m.42 views

CVE-2025-58189

CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...

5.3CVSS6.3AI score0.00443EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/10/29 10:10 p.m.11 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References8
Rows per page
Query Builder