Lucene search
+L

392704 matches found

Packet Storm News
Packet Storm News
β€’added 2026/12/29 12:0 a.m.β€’366 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
CVE
CVE
β€’added 2 hours agoβ€’5 views

CVE-2026-16081

The CVE-2026-16081 vulnerability affects Sipeed PicoClaw versions up to 0.2.9, with the root cause in an unspecified function within web/backend/api/auth.go. A manipulation can lead to cross-site request forgery (CSRF) and can be triggered remotely. Public exploitation has been disclosed, and a p...

5.3CVSS4.6AI score
Exploits0References8
BDU FSTEC
BDU FSTEC
β€’added yesterdayβ€’19 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
CVE
CVE
β€’added yesterdayβ€’55 views

CVE-2026-48062

Summary: CodeIgniter versions before 4.7.3 are affected by a validation bypass in the ext_in upload rule. The rule checks the MIME-derived guessed extension instead of the client-provided filename extension, allowing a file like shell.php (with GIF-like content) to pass validation when the upload...

9.8CVSS6AI score0.00078EPSS
Exploits0References3
Cvelist
Cvelist
β€’added yesterdayβ€’20 views

CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS
Exploits0References4
CVE
CVE
β€’added yesterdayβ€’14 views

CVE-2026-53727

Summary: Multiple sources confirm a vulnerability in css_parser prior to 3.0.0 where CssParser::Parser#read_remote_file, Parser#load_uri!, and Parser#add_block! follow HTTP(S) redirects and even service file:// URIs without proper host/scheme filtering, enabling SSRF to internal hosts and potenti...

8.9CVSS5.5AI score
Exploits0References4
EUVD
EUVD
β€’added yesterdayβ€’7 views

EUVD-2026-44940

Prompty: Arbitrary file read via file reference expansion...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References3
Github Security Blog
Github Security Blog
β€’added yesterdayβ€’5 views

Prompty: Arbitrary file read via file reference expansion

Summary Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that the resolved path stayed within an authorized directory. An attacker-controlled prompt file could use path traversal or an absolute path to cause the host application to read files accessible to t...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References4Affected Software3
EUVD
EUVD
β€’added yesterdayβ€’5 views

EUVD-2026-45266

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...

7.1CVSS5.6AI score
Exploits0References3
Cvelist
Cvelist
β€’added yesterdayβ€’18 views

CVE-2026-50289 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS
Exploits0References3
Cvelist
Cvelist
β€’added yesterdayβ€’19 views

CVE-2026-15415 Path traversal and arbitrary file write in the workflow linters of aws-healthomics-mcp-server

AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research. Improper limitation of a pathname to a restricted directory...

6.8CVSS
Exploits0References3
CVE
CVE
β€’added yesterdayβ€’6 views

CVE-2026-48373

CVE-2026-48373 describes a heap-based buffer overflow in Acrobat Reader that could allow arbitrary code execution in the context of the current user. The vulnerability requires user interaction (victim opens a malicious file); no vector details are provided beyond this condition. The affected pro...

7.8CVSS6.1AI score
Exploits0References1
EUVD
EUVD
β€’added yesterdayβ€’5 views

EUVD-2026-45290

Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
β€’added yesterdayβ€’5 views

mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath

Impact contextimport passed the caller-supplied filePath directly to fs.readFileSync with no path confinement. A malicious MCP client β€” or an LLM agent that is prompt-injected into calling the tool β€” could point filePath at any file readable by the server process, outside any session or export...

5.5AI score
Exploits0References6Affected Software1
Patchstack
Patchstack
β€’added yesterdayβ€’7 views

NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath

NPM: mcp-memory-keeper: Arbitrary local file read in contextimport via unvalidated filePath vulnerability discovered by ? in WordPress Npm mcp-memory-keeper versions 0.13.0...

5.3AI score
Exploits0References6Affected Software1
EUVD
EUVD
β€’added yesterdayβ€’6 views

EUVD-2026-45288

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...

8.8CVSS5.4AI score
Exploits0References1
Cvelist
Cvelist
β€’added yesterdayβ€’21 views

CVE-2026-7667 Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
β€’added yesterdayβ€’23 views

CVE-2026-7755 MCP Server Configuration Validator Bypass via File Upload API

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...

8.8CVSS
Exploits0References1
CVE
CVE
β€’added yesterdayβ€’19 views

CVE-2026-7755

The IBM Security Bulletin confirms CVE-2026-7755 affects Langflow OSS versions 1.0.0–1.10.0, where the File Manager API may bypass MCP server configuration validation during file uploads. A maliciously crafted MCP configuration file (e.g., mcp_servers .json) could be uploaded via upload_user_file...

8.8CVSS6.3AI score
Exploits0References1
CVE
CVE
β€’added yesterdayβ€’19 views

CVE-2026-7872

Summary: The vulnerability CVE-2026-7872 affects Langflow OSS 1.0.0–1.10.0, via a path traversal flaw in the File component’s tar archive extraction. An authenticated attacker can craft a tar with symbolic links, bypassing validation and causing extraction to create links outside the intended dir...

7.5CVSS5.5AI score
Exploits0References1
Rows per page
Query Builder