7963 matches found
CVE-2025-67862
Technical details for CVE-2025-67862 are not publicly available in the provided documents. Monitor for updates.
CVE-2025-67862
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability CWE-1244 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...
CVE-2026-46284
A flaw was found in the Linux kernel's hugetlb memory management. A local user could exploit this by providing malformed kernel command-line parameters, such as hugepages or hugepagesz, without an '=' separator. This improper handling of input during early parameter parsing can lead to a system...
CVE-2026-11393 Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import
Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS AgentCore Runtime under the imported agent's IAM execution role and on the local environment of anothe...
apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)
authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...
CVE-2026-46284
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...
CVE-2026-48103
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...
SUSE-RU-2026:2237-1 Recommended update for aazure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text, python-azure-appconfiguration, python-azure-appconfiguration-provider, python-azure-batch, python-azure-cognitiveservices-anomalydetector, python-azure-cognitiveservices-knowledge-qnamaker, python-azure-cognitiveservices-language-luis, python-azure-cognitiveservices-language-spellcheck, python-azure-cognitiveservices-language-textanalytics, python-azure-cognitiveservices-search-autosuggest, python-azure-cognitiveservices-search-customimagesearch, python-azure-cognitiveservices-search-customsearch, python-azure-cognitiveservices-search-entitysearch, python-azure-cognitiveservices-search-imagesearch, python-azure-cognitiveservices-search-videosearch, python-azure-cognitiveservices-search-websearch, python-azure-cognitiveservices-vision-computervision, python-azure-cognitiveservices-vision-contentmoderator, python-azure-cognitiveservices-vision-customvision, python-azure-cognitiveservices-vision-face python-azure-communication-callautomation, python-azure-communication-chat, python-azure-communication-email, python-azure-communication-messages, python-azure-communication-phonenumbers, python-azure-communication-rooms, python-azure-communication-sms, python-azure-core, python-azure-core-tracing-opencensus, python-azure-core-tracing-opentelemetry, python-azure-cosmos, python-azure-data-tables, python-azure-datalake-store, python-azure-developer-devcenter, python-azure-developer-loadtesting, python-azure-digitaltwins-core, python-azure-eventgrid, python-azure-eventhub, python-azure-eventhub-checkpointstoreblob, python-azure-eventhub-checkpointstoreblob-aio, python-azure-graphrbac, python-azure-health-deidentification, python-azure-healthinsights-radiologyinsights, python-azure-identity, python-azure-identity-broker, python-azure-keyvault-administration, python-azure-keyvault-certificates, python-azure-keyvault-keys, python-azure-keyvault-secrets, python-azure-keyvault-securitydomain, python-azure-maps-geolocation, python-azure-maps-route, python-azure-maps-timezone, python-azure-messaging-webpubsubclient, python-azure-messaging-webpubsubservice, python-azure-mgmt-apimanagement, python-azure-mgmt-appcomplianceautomation, python-azure-mgmt-appconfiguration, python-azure-mgmt-appcontainers, python-azure-mgmt-applicationinsights, python-azure-mgmt-appplatform, python-azure-mgmt-arizeaiobservabilityeval, python-azure-mgmt-astro, python-azure-mgmt-authorization, python-azure-mgmt-avs, python-azure-mgmt-azurestackhcivm, python-azure-mgmt-batch, python-azure-mgmt-batchai, python-azure-mgmt-billing, python-azure-mgmt-billingbenefits, python-azure-mgmt-carbonoptimization, python-azure-mgmt-cdn, python-azure-mgmt-chaos, python-azure-mgmt-cloudhealth, python-azure-mgmt-cognitiveservices, python-azure-mgmt-communication, python-azure-mgmt-compute, python-azure-mgmt-computefleet, python-azure-mgmt-computerecommender, python-azure-mgmt-computeschedule, python-azure-mgmt-confluent, python-azure-mgmt-connectedcache, python-azure-mgmt-containerinstance, python-azure-mgmt-containerorchestratorruntime, python-azure-mgmt-containerregistry, python-azure-mgmt-containerservice, python-azure-mgmt-containerservicefleet, python-azure-mgmt-containerservicesafeguards, python-azure-mgmt-core, python-azure-mgmt-cosmosdb, python-azure-mgmt-databasewatcher, python-azure-mgmt-databox, python-azure-mgmt-databoxedge, python-azure-mgmt-datafactory, python-azure-mgmt-datalake-store, python-azure-mgmt-datamigration, python-azure-mgmt-dataprotection, python-azure-mgmt-dellstorage, python-azure-mgmt-dependencymap, python-azure-mgmt-desktopvirtualization, python-azure-mgmt-devcenter, python-azure-mgmt-deviceregistry, python-azure-mgmt-devopsinfrastructure, python-azure-mgmt-devtestlabs, python-azure-mgmt-digitaltwins, python-azure-mgmt-dns, python-azure-mgmt-dnsresolver, python-azure-mgmt-durabletask, python-azure-mgmt-edgeorder, python-azure-mgmt-edgezones, python-azure-mgmt-elastic, python-azure-mgmt-elasticsan, python-azure-mgmt-eventgrid, python-azure-mgmt-eventhub, python-azure-mgmt-extendedlocation, python-azure-mgmt-fabric, python-azure-mgmt-frontdoor, python-azure-mgmt-hardwaresecuritymodules, python-azure-mgmt-hdinsight, python-azure-mgmt-hdinsightcontainers, python-azure-mgmt-healthcareapis, python-azure-mgmt-healthdataaiservices, python-azure-mgmt-hybridcompute, python-azure-mgmt-imagebuilder, python-azure-mgmt-impactreporting, python-azure-mgmt-informaticadatamanagement, python-azure-mgmt-iotfirmwaredefense, python-azure-mgmt-iothub, python-azure-mgmt-iotoperations, python-azure-mgmt-keyvault, python-azure-mgmt-kubernetesconfiguration-extensions, python-azure-mgmt-kubernetesconfiguration-extensiontypes, python-azure-mgmt-kubernetesconfiguration-fluxconfigurations, python-azure-mgmt-kusto, python-azure-mgmt-lambdatesthyperexecute, python-azure-mgmt-largeinstance, python-azure-mgmt-loganalytics, python-azure-mgmt-logz, python-azure-mgmt-media, python-azure-mgmt-migrationassessment, python-azure-mgmt-migrationdiscoverysap, python-azure-mgmt-mobilenetwork, python-azure-mgmt-mongocluster, python-azure-mgmt-mongodbatlas, python-azure-mgmt-monitor, python-azure-mgmt-msi, python-azure-mgmt-mysqlflexibleservers, python-azure-mgmt-neonpostgres, python-azure-mgmt-netapp, python-azure-mgmt-network, python-azure-mgmt-networkcloud, python-azure-mgmt-newrelicobservability, python-azure-mgmt-onlineexperimentation, python-azure-mgmt-oracledatabase, python-azure-mgmt-paloaltonetworksngfw, python-azure-mgmt-pineconevectordb, python-azure-mgmt-planetarycomputer, python-azure-mgmt-playwright, python-azure-mgmt-playwrighttesting, python-azure-mgmt-portalservicescopilot, python-azure-mgmt-postgresqlflexibleservers, python-azure-mgmt-powerbiembedded, python-azure-mgmt-privatedns, python-azure-mgmt-purestorageblock, python-azure-mgmt-quantum, python-azure-mgmt-qumulo, python-azure-mgmt-quota, python-azure-mgmt-rdbms, python-azure-mgmt-recoveryservices, python-azure-mgmt-recoveryservicesbackup, python-azure-mgmt-recoveryservicesdatareplication, python-dnspython, python-trio, python-websocket-client, python-anyio
This update for azure-cli, azure-cli-core, azure-cli-telemetry, python-argcomplete, python-azure-ai-agents, python-azure-ai-formrecognizer, python-azure-ai-metricsadvisor, python-azure-ai-projects, python-azure-ai-translation-document, python-azure-ai-translation-text,...
PT-2026-47356
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A crash can occur during early boot if the kernel command line parameters hugepages, hugepagesz, or default hugepagesz are...
exploittracker
Exploit Tracker Go A small Go CLI that polls the public Po...
CVE-2025-68649
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer...
CVE-2025-53680
An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...
CVE-2026-25691
A improper limitation of a pathname to a restricted directory 'path traversal' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with...
CVE-2026-42150
wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...
CVE-2026-0261
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security ri...
CVE-2026-9255
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
CVE-2026-6442
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent...
CVE-2026-24085
Memory Corruption when processing display command line information due to improper initialization of a variable...
CVE-2026-48103 GHSL-2026-119 7-Zip WIM SecurityId OOB read
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...
CVE-2026-48103
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...