Lucene search
K

19538 matches found

CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

OP-TEE Trusted OS 资源管理错误漏洞

OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.16.0 to 4.11.0 of OP-TEE Trusted OS, there was a resource management vulnerability. This vulnerability...

7.8CVSS5.3AI score0.00187EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-46091

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

10CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46096

Summary The environment variables KERNEL XXX used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection SSTI. By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can...

10CVSS6.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

5.5CVSS5.9AI score0.00155EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References3
NVD
NVD
added 2026/06/02 11:16 p.m.14 views

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS0.0294EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:35 p.m.9 views

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/02 10:35 p.m.10 views

EUVD-2026-34046

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:1 p.m.12 views

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS6AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.12 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS0.00373EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/02 3:48 p.m.69 views

Exploit for OS Command Injection in Gnu Bash

HackTheBox: Shocker Writeup A structured and professional walk...

10CVSS7.6AI score0.99999EPSS
Exploits130
OSV
OSV
added 2026/06/02 12:48 p.m.8 views

USN-8366-1 luanti vulnerabilities

It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...

9.3CVSS6.1AI score0.00182EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/02 12:48 p.m.11 views

USN-8366-1: Luanti vulnerabilities

It was discovered that Luanti, when using LuaJIT, did not properly enforce Lua sandbox restrictions. An attacker could possibly use this issue to execute arbitrary code. CVE-2026-40959 It was discovered that Luanti did not properly restrict access to insecure environments. An attacker could...

9.3CVSS6.1AI score0.00182EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/02 10:0 a.m.11 views

Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/02 10:0 a.m.9 views

MAL-2026-5160 Malicious code in bt-signal-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d56152c37c3a078b771d2578dd86495783b51b886c96aa7ebb66a7ec36d72a24 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/02 4:59 a.m.8 views

MAL-2026-5152 Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/02 4:59 a.m.19 views

Malicious code in quant-backtest-helpers (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ed851ff141e13db6dd7c16a3d4f1b3b92eb9fa6a917f5243ba22ccb933554e43 During import, package exfiltrates environment variables and cloud tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has clearly malicious...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/02 2:56 a.m.13 views

Malicious code in parsimonius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

6AI score
Exploits0References1
OSV
OSV
added 2026/06/02 2:56 a.m.12 views

MAL-2026-5151 Malicious code in parsimonius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a5ab85a46a37da928774b1885049b71d40d675c54683b13711f4e371d932394a Clone of a legitimate package with an added RAT running through a Telegram bot. It can e.g. exfiltrate env variables and execute remote commands. The malicious...

6AI score
Exploits0References1
CBLMariner
CBLMariner
added 2026/06/02 2:56 a.m.10 views

CVE-2026-39821 affecting package vitess for versions less than 19.0.4-10

CVE-2026-39821 affecting package vitess for versions less than 19.0.4-10. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
Rows per page
Query Builder