Lucene search
K

5142 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-sysman: Fixed reference leak issue. If a duplicate attribute is found using ksetfindobj, a reference to that attribute is returned. This means that we need to handle it accordingly. In such cases, use kobjectpu...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 12:31 a.m.8 views

EUVD-2026-37961

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.2AI score0.00256EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 11:16 p.m.14 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.21 views

CVE-2026-56077 PraisonAI - Information Disclosure via Shared MultiAgentLedger State

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 10:12 p.m.20 views

CVE-2026-56077

CVE-2026-56077 concerns PraisonAI before 1.5.115, where an information disclosure vulnerability exists in the MultiAgentLedger component. The root cause is failure to enforce unique agent IDs during registration, enabling attackers to share ledger instances and access sensitive data including sys...

7.1CVSS5.2AI score0.00256EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56077

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS5.3AI score0.00256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.11 views

PT-2026-50808

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.115 Description An information disclosure issue exists in the MultiAgentLedger component. The system fails to enforce the uniqueness of agent IDs, allowing attackers to register agents with duplicate IDs. This...

7.1CVSS5.9AI score0.00256EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.12 views

PT-2026-50730

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...

2.1CVSS5.8AI score
Exploits0References4
CVE
CVE
added 2026/06/17 7:59 p.m.23 views

CVE-2026-54388

Tinyproxy (≤ 1.11.3) is affected by CVE-2026-54388. The issue occurs when a request contains multiple Content-Length headers with differing values: Tinyproxy forwards all duplicate headers to the backend but uses the first value to determine how many body bytes to consume. This desynchronizes pro...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/17 7:59 p.m.6 views

CVE-2026-54388

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS5.6AI score0.00439EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 7:59 p.m.20 views

CVE-2026-54388 Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

9.3CVSS0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:35 p.m.6 views

GHSA-4MPJ-78P6-RJ59 Duplicate Advisory: PickleScan's profile.run blocklist mismatch allows exec() bypass

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7wx9-6375-f5wh. This link is maintained to preserve external references. Original Description picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:35 p.m.5 views

GHSA-CC5P-54X3-HCF8 Duplicate Advisory: Picklescan (scan_pytorch) Bypass via dynamic eval MAGIC_NUMBER

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-97f8-7cmv-76j2. This link is maintained to preserve external references. Original Description picklescan before 1.0.3 contains a scanning bypass vulnerability in the scanpytorch function that allows attackers to...

7.1CVSS6.1AI score0.00434EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-6V84-V468-3C7F Duplicate Advisory: Picklescan has Incomplete List of Disallowed Inputs

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-84r2-jw7c-4r5q. This link is maintained to preserve external references. Original Description picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller...

9.8CVSS6.2AI score0.00623EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 6:35 p.m.3 views

GHSA-5GP7-4733-2W2V Duplicate Advisory: Picklescan Bypasses Unsafe Globals Check using pty.spawn

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hgrh-qx5j-jfwx. This link is maintained to preserve external references. Original Description PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 9:31 p.m.4 views

GHSA-27PQ-2PH8-8X25 Duplicate Advisory: Shell positional parameters could weaken strict inline-eval checks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5cj2-3jr2-5h77. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken stri...

8.1CVSS5.5AI score0.0026EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.6 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.3AI score0.01335EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 p.m.10 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 4:24 p.m.6 views

CVE-2026-8358 Heap buffer overflow in spreadsheet tracked-changes import

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:24 p.m.10 views

EUVD-2026-36740

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS5.6AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder