326 matches found

OSV
added 2026/03/23 10:45 p.m., 2 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7, AI score 6, EPSS 0.00782
Exploits: 0, References: 8
CVE
added 2026/03/23 10:45 p.m., 16 views

CVE-2026-33046

CVE-2026-33046 affects Indico (event management system) where, in versions prior to 3.3.12, TeXLive/LaTeX sanitizer bypass via specially crafted LaTeX snippets could read local files or execute code with server user privileges when server-side LaTeX rendering is enabled (XELATEX_PATH set). If ser...

CVSS 8.8, AI score 5.9, EPSS 0.00782
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2026/03/23 10:45 p.m., 2 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7, AI score 5.9, EPSS 0.00782
Exploits: 0, References: 6
OSV
added 2026/03/23 8:43 p.m., 2 views

GHSA-RM2Q-F7JV-3CFP Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Note: If server-side LaTeX rendering is not in use (i.e. XELATEX_PATH was not set in indico.conf), this vulnerability does not apply. Impact: Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

CVSS 7.7, AI score 6, EPSS 0.00782
Exploits: 0, References: 8
Github Security Blog
added 2026/03/23 8:43 p.m., 5 views

Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Note: If server-side LaTeX rendering is not in use (i.e. XELATEX_PATH was not set in indico.conf), this vulnerability does not apply. Impact: Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

CVSS 8.8, AI score 6, EPSS 0.00782
Exploits: 0, References: 8, Affected Software: 1
Positive Technologies
added 2026/03/23 12:0 a.m., 7 views

PT-2026-27251

Note: If server-side LaTeX rendering is not in use (i.e. XELATEX_PATH was not set in indico.conf), this vulnerability does not apply. Impact: Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

CVSS 7.7, AI score 6, EPSS 0.00782
Exploits: 0, References: 11
ATTACKERKB
added 2026/03/20 8:20 p.m., 2 views

CVE-2026-33150

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially execute arbitrary code. When io_uring thread creati...

CVSS 7.8, AI score 6, EPSS 0.0031
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/03/20 8:20 p.m., 20 views

CVE-2026-33150

CVE-2026-33150 affects libfuse: the io_uring subsystem vulnerability exists from 3.18.0 up to just before 3.18.2. When io_uring thread creation fails due to resource exhaustion (e.g., cgroup pids.max), fuse_uring_start() frees the ring pool but stores a dangling pointer in the session state, caus...

CVSS 7.8, AI score 6, EPSS 0.0031
Exploits: 0, References: 6, Affected Software: 1
Packet Storm News
added 2026/03/17 12:0 a.m., 11 views

Wazuh 4.14.4

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

AI score 5.9
Exploits: 0
CBLMariner
added 2026/03/10 10:56 p.m., 3 views

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-58190 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00482
Exploits: 1
CBLMariner
added 2026/03/10 10:56 p.m., 4 views

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.62.0-2. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00502
Exploits: 0
CBLMariner
added 2026/03/09 2:32 p.m., 3 views

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28

CVE-2025-47911 affecting package containerized-data-importer for versions less than 1.55.0-28. A patched version of the package is available...

CVSS 5.3, AI score 5.8, EPSS 0.00502
Exploits: 0
Tenable Nessus
added 2026/03/05 12:0 a.m., 4 views

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

CVSS 7.5, AI score 6, EPSS 0.01956
Exploits: 0, References: 9
GithubExploit
added 2026/03/01 6:46 p.m., 140 views

devops-security-pipeline-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

AI score 6
Exploits: 0
OPENSUSE Linux
added 2026/02/28 12:0 a.m., 6 views

Security update for containerized-data-importer (important)

openSUSE security update: security update for containerized-data-importer. Announcement ID: openSUSE-SU-2026:20279-1. Rating: important. References: bsc1235204 bsc1235365 bsc1239205. Cross-References: CVE-2024-28180 CVE-2024-45338...

CVSS 8.7, AI score 6.7, EPSS 0.01956
Exploits: 0, References: 3
OSV
added 2026/02/26 4:3 p.m., 9 views

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

CVSS 7.5, AI score 5.8, EPSS 0.01956
Exploits: 0, References: 6
OSV
added 2026/02/26 4:3 p.m., 2 views

SUSE-SU-2026:20550-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

CVSS 7.5, AI score 6.7, EPSS 0.01956
Exploits: 0, References: 7
Tenable Nessus
added 2026/02/19 12:0 a.m., 6 views

SUSE SLES15 Security Update : cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (SUSE-SU-2026:0571-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0571-1 advisory. Update to version 1.64.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.64.0 Also cdi was rebuilt...

AI score 5.7
Exploits: 0, References: 1
OSV
added 2026/02/17 6:46 p.m., 5 views

SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...

AI score 5.5
Exploits: 0, References: 1
Packet Storm News
added 2026/02/11 12:0 a.m., 3 views

Wazuh 4.14.3

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

AI score 5.6
Exploits: 0