
760 matches found

CVE
added 2026/05/07 12:56 a.m. | 16 views

CVE-2026-44597

CVE-2026-44597 affects Tor before 0.4.9.7. The issue is an out-of-bounds read when an END, TRUNCATE, or TRUNCATED cell lacks a reason in its payload (TROVE-2026-011). According to the sources, the impact includes high confidentiality and availability risks (CVSS). Exploitation details are not provided in the doc...

CVSS 9.1 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/05/07 12:56 a.m. | 7 views

CVE-2026-44597

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...

CVSS 3.7 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 4

Cvelist
added 2026/05/07 12:56 a.m. | 35 views

CVE-2026-44597

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...

CVSS 3.7 | EPSS 0.0045
Exploits 0 | References 4

ATTACKERKB
added 2026/05/07 12:56 a.m. | 7 views

CVE-2026-44597

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...

CVSS 3.7 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 5

Debian CVE
added 2026/05/07 12:56 a.m. | 10 views

CVE-2026-44597

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...

CVSS 9.1 | AI score 5.8 | EPSS 0.0045
Exploits 0

Positive Technologies
added 2026/05/07 12:0 a.m. | 11 views

PT-2026-38337

Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.9.7. Description: A NULL pointer dereference occurs when a CERT cell is received out of order. A NULL pointer dereference is a runtime error that happens when a program attempts to read or write to a memory address that...

CVSS 7.5 | AI score 5.8 | EPSS 0.0033
Exploits 0 | References 14

UbuntuCve
added 2026/05/07 12:0 a.m. | 9 views

CVE-2026-44597

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...

CVSS 9.1 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 5

Positive Technologies
added 2026/05/07 12:0 a.m. | 13 views

PT-2026-38321

Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.9.7. Description: An out-of-bounds read occurs during cell payload processing when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload. Recommendations: Update to version 0.4.9.7 or later...

CVSS 9.1 | AI score 5.8 | EPSS 0.0045
Exploits 0 | References 16

Positive Technologies
added 2026/05/07 12:0 a.m. | 13 views

PT-2026-38338

Name of the Vulnerable Software and Affected Versions: Tor versions prior to 0.4.9.7. Description: An out-of-bounds read of one byte can occur when processing a malformed BEGIN cell. Recommendations: Update to version 0.4.9.7 or later...

CVSS 9.1 | AI score 5.8 | EPSS 0.00342
Exploits 0 | References 14

UbuntuCve
added 2026/05/07 12:0 a.m. | 10 views

CVE-2026-44603

Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007...

CVSS 9.1 | AI score 5.8 | EPSS 0.00342
Exploits 0 | References 5

UbuntuCve
added 2026/05/07 12:0 a.m. | 7 views

CVE-2026-44602

Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...

CVSS 7.5 | AI score 5.8 | EPSS 0.0033
Exploits 0 | References 5

ATTACKERKB
added 2026/05/06 8:48 p.m. | 4 views

CVE-2026-40296

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

CVSS 5.4 | AI score 5.4 | EPSS 0.00225
Exploits 1 | References 2 | Affected Software 1

Github Security Blog
added 2026/05/05 8:53 p.m. | 13 views

Kimai vulnerable to formula Injection via tag names in XLSX export

Summary: Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...

CVSS 6.8 | AI score 5.8 | EPSS 0.0022
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2026/05/05 3:45 a.m. | 37 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | EPSS 0.0041
Exploits 0 | References 5

Vulnrichment
added 2026/05/05 3:45 a.m. | 11 views

CVE-2026-7810 UsamaK98 python-notebook-mcp server.py add_cell path traversal

A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function createnotebook/readnotebook/editcell/addcell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5 | AI score 6.8 | EPSS 0.0041
Exploits 0 | References 5

Packet Storm News
added 2026/05/05 12:0 a.m. | 8 views

Rayhunter IMSI Catcher Detector

Rayhunter is a project for detecting IMSI catchers, also known as cell-site simulators or stingrays. It was first designed to run on a cheap mobile hotspot called the Orbic RC400L, but thanks to community efforts, it can support some other devices as well. It's also designed to be as easy to...

AI score 5.8
Exploits 0

CNNVD
added 2026/05/05 12:0 a.m. | 16 views

Python Notebook MCP path traversal vulnerability

Python Notebook MCP is an interactive tool developed by Usama Khatab, allowing AI assistants to operate Jupyter notebooks. Python Notebook MCP has a path traversal vulnerability, which stems from issues with the functions createnotebook/readnotebook/editcell/addcell in the file server.py,...

CVSS 7.5 | AI score 7.1 | EPSS 0.0041
Exploits 0 | References 2

ATTACKERKB
added 2026/05/04 4:37 p.m. | 6 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

CVSS 9.9 | AI score 5.7 | EPSS 0.00431
Exploits 0 | References 2

CVE
added 2026/05/04 4:37 p.m. | 16 views

CVE-2026-42811

CVE-2026-42811 : Apache Polaris builds Google Cloud Storage downscoped credentials via a Credential Access Boundary (CAB) with CEL conditions intended to constrain to a table path. The CEL string uses the bucket and table path; if a namespace/table identifier contains special content (e.g., a sin...

CVSS 9.9 | AI score 5.7 | EPSS 0.00431
Exploits 0 | References 2 | Affected Software 1

The Hacker News
added 2026/04/30 1:55 p.m. | 25 views

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be online. Security is...

CVSS 10 | AI score 8 | EPSS 0.99999
Exploits 125