Lucene search
K

3327 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-2060)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

6CVSS6.7AI score0.0056EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2026-2188)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

7.5CVSS7.2AI score0.01525EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.12.0 : python3 (EulerOS-SA-2026-2110)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

6CVSS5.6AI score0.0056EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.12.1 : python3 (EulerOS-SA-2026-2085)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment...

6CVSS6.7AI score0.0056EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS5.8AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

9.1CVSS5.6AI score0.00406EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44115

OpenClaw before 2026.4.22 contains an exec allowlist analysis vulnerability allowing shell expansion hiding in unquoted heredoc bodies. Attackers can bypass allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime...

8.8CVSS6AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:30 p.m.6 views

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

5.7AI score0.00413EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.26 views

Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.20 / 10.4.x < 11.3.5 (JSDSERVER-16574)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16574 advisory. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior...

7.5CVSS6.3AI score0.0043EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 6:9 p.m.11 views

ROOT-APP-NPM-CVE-2025-5889 CVE-2025-5889 in @rootio/brace-expansion - Patched by Root

Root has patched CVE-2025-5889 in the @rootio/brace-expansion package for Root:npm. Multiple fixed versions available...

3.1CVSS6.1AI score0.00459EPSS
Exploits0
OSV
OSV
added 2026/06/04 1:42 p.m.6 views

ROOT-APP-NPM-CVE-2026-25547 CVE-2026-25547 in @rootio/isaacs__brace-expansion - Patched by Root

Root has patched CVE-2026-25547 in the @rootio/isaacsbrace-expansion package for Root:npm. Multiple fixed versions available...

6.5CVSS6.8AI score0.00481EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.10 views

SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 9:14 p.m.15 views

XML Entity Expansion

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to XML Entity Expansion in backend/xml/usptobackend.py‎'s use of parseStrin...

9.4CVSS5.5AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 9:5 p.m.13 views

EUVD-2026-34000

React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 9:5 p.m.7 views

GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:5 p.m.13 views

React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 7:19 a.m.19 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

9.8CVSS6.9AI score0.0047EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/02 8:16 p.m.16 views

CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 6:23 p.m.52 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 6:23 p.m.11 views

CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References1
Rows per page
Query Builder