Lucene search
K

22927 matches found

NVD
NVD
added 2026/06/30 9:16 a.m.11 views

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS0.00304EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:30 a.m.48 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 8:30 a.m.8 views

EUVD-2026-40269

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 8:30 a.m.34 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 8:5 a.m.6 views

EUVD-2026-40267

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53953

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can obtain sensitive information from the monitoring and event tables in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connec...

6.5CVSS5.9AI score0.00303EPSS
Exploits0References3
Circl
Circl
added 2026/06/29 10:34 p.m.10 views

CVE-2026-43724

creationtimestamp| type| source ---|---|--- 2026-06-29 22:34:58+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphkcoxiw522 2026-06-30 14:43:35+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116839587167771946 2026-06-30 22:19:34+00:00| seen|...

7.8CVSS6.1AI score0.00142EPSS
Exploits0References8
Circl
Circl
added 2026/06/29 10:34 p.m.9 views

CVE-2026-43721

creationtimestamp| type| source ---|---|--- 2026-06-29 22:34:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphkbgawne2b 2026-07-01 02:50:06+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0818 2026-07-01 16:01:00+00:00| seen|...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References4
Circl
Circl
added 2026/06/29 9:39 p.m.7 views

CVE-2026-53434

creationtimestamp| type| source ---|---|--- 2026-06-29 21:39:26+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphh7h4ldu2c 2026-06-29 22:23:42+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphjomprh623 2026-06-29 23:09:17+00:00| seen|...

9.1CVSS5.9AI score0.00368EPSS
Exploits0References13
Circl
Circl
added 2026/06/29 9:38 p.m.9 views

CVE-2026-52760

creationtimestamp| type| source ---|---|--- 2026-06-29 21:38:09+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphh55tg752z...

6.1CVSS5.8AI score0.00563EPSS
Exploits0References1
Circl
Circl
added 2026/06/29 9:23 p.m.6 views

CVE-2026-50734

creationtimestamp| type| source ---|---|--- 2026-06-29 21:23:11+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mphgcet34j2s 2026-07-03 10:59:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqfd3inka2b...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References2
Circl
Circl
added 2026/06/29 8:2 p.m.6 views

CVE-2026-39031

creationtimestamp| type| source ---|---|--- 2026-06-29 20:02:51+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mphbsqpagi2y 2026-06-29 21:41:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphhdtfuob2e...

5.5CVSS5.8AI score0.00089EPSS
Exploits1References2
Circl
Circl
added 2026/06/29 6:34 p.m.7 views

CVE-2026-56782

creationtimestamp| type| source ---|---|--- 2026-06-29 18:34:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mph4uzdfuk25 2026-06-29 22:40:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mphkmtrak22m 2026-07-01 12:00:04+00:00| confirmed|...

9.8CVSS5.9AI score0.03016EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:24 p.m.6 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:21 p.m.5 views

CVE-2026-57953

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References5
Circl
Circl
added 2026/06/29 4:57 p.m.6 views

CVE-2026-57334

creationtimestamp| type| source ---|---|--- 2026-06-29 16:57:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgxhwfjod25 2026-06-29 20:40:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphdweu6zk2k...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
Circl
Circl
added 2026/06/29 3:42 p.m.11 views

CVE-2026-13561

creationtimestamp| type| source ---|---|--- 2026-06-29 15:42:09+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgtam2pkz2d 2026-06-29 20:08:47+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphc5ek3da2o...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References2
Circl
Circl
added 2026/06/29 12:42 p.m.7 views

CVE-2026-13560

creationtimestamp| type| source ---|---|--- 2026-06-29 12:42:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgja2ndnm2n 2026-06-29 20:16:46+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphclnasu625...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...

9.3CVSS6.3AI score0.00229EPSS
Exploits1References5
Circl
Circl
added 2026/06/29 7:59 a.m.13 views

CVE-2026-13533

creationtimestamp| type| source ---|---|--- 2026-06-29 07:59:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpfzfpsmfa2j 2026-06-29 10:52:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgd2qkew72w 2026-06-29 19:56:38+00:00| seen|...

6.9CVSS6AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder