22927 matches found
CVE-2026-45822
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
CVE-2026-13149
The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...
EUVD-2026-40269
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
CVE-2026-13149
brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...
EUVD-2026-40267
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...
PT-2026-53953
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can obtain sensitive information from the monitoring and event tables in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connec...
CVE-2026-43724
creationtimestamp| type| source ---|---|--- 2026-06-29 22:34:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphkcoxiw522 2026-06-30 14:43:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116839587167771946 2026-06-30 22:19:34+00:00| seen|...
CVE-2026-43721
creationtimestamp| type| source ---|---|--- 2026-06-29 22:34:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphkbgawne2b 2026-07-01 02:50:06+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:01:00+00:00| seen|...
CVE-2026-53434
creationtimestamp| type| source ---|---|--- 2026-06-29 21:39:26+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphh7h4ldu2c 2026-06-29 22:23:42+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphjomprh623 2026-06-29 23:09:17+00:00| seen|...
CVE-2026-52760
creationtimestamp| type| source ---|---|--- 2026-06-29 21:38:09+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphh55tg752z...
CVE-2026-50734
creationtimestamp| type| source ---|---|--- 2026-06-29 21:23:11+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphgcet34j2s 2026-07-03 10:59:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqfd3inka2b...
CVE-2026-39031
creationtimestamp| type| source ---|---|--- 2026-06-29 20:02:51+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphbsqpagi2y 2026-06-29 21:41:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphhdtfuob2e...
CVE-2026-56782
creationtimestamp| type| source ---|---|--- 2026-06-29 18:34:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mph4uzdfuk25 2026-06-29 22:40:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mphkmtrak22m 2026-07-01 12:00:04+00:00| confirmed|...
CVE-2026-57959
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
CVE-2026-57953
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...
CVE-2026-57334
creationtimestamp| type| source ---|---|--- 2026-06-29 16:57:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgxhwfjod25 2026-06-29 20:40:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphdweu6zk2k...
CVE-2026-13561
creationtimestamp| type| source ---|---|--- 2026-06-29 15:42:09+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgtam2pkz2d 2026-06-29 20:08:47+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphc5ek3da2o...
CVE-2026-13560
creationtimestamp| type| source ---|---|--- 2026-06-29 12:42:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgja2ndnm2n 2026-06-29 20:16:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphclnasu625...
PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...
CVE-2026-13533
creationtimestamp| type| source ---|---|--- 2026-06-29 07:59:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpfzfpsmfa2j 2026-06-29 10:52:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgd2qkew72w 2026-06-29 19:56:38+00:00| seen|...