Lucene search
+L

108 matches found

Debian CVE
Debian CVE
added 2026/05/08 2:21 p.m.12 views

CVE-2026-43418

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

5.5CVSS5.7AI score0.00107EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-39079

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists during concurrent fork operations where a newly forked task is accounted as an MMCID user before it becomes visible in the process thread list and the global task...

5.8AI score0.00107EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.7 views

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories 5.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.9 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 12:30 p.m.5 views

EUVD-2026-14396

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/23 12:30 p.m.13 views

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/23 12:30 p.m.23 views

GHSA-4G2H-VM7X-747C esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References5
NVD
NVD
added 2026/03/23 11:16 a.m.6 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS0.00281EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/23 10:9 a.m.2 views

CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:9 a.m.3 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/03/23 10:9 a.m.3 views

CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS6AI score0.00281EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/03/11 5:4 p.m.3 views

CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS6.3AI score0.00445EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/04 6:18 p.m.8 views

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...

3.4CVSS5.9AI score0.00108EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/03 6:33 a.m.4 views

Malicious Package

Overview ably-forks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/26 1:17 a.m.7 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/19 10:50 a.m.9 views

Malicious code in ably-forks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3c510b1758cfff971e520dd0a78157b1e35918897519edc2fa0364bc46159b The package ably-forks was found to contain malicious code. Source: ghsa-malware b26088266049a671acc67187ede8f130532eb10e90e61293e96211f7ad0c1103 Any...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/02/19 10:50 a.m.5 views

MAL-2026-939 Malicious code in ably-forks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af3c510b1758cfff971e520dd0a78157b1e35918897519edc2fa0364bc46159b The package ably-forks was found to contain malicious code. Source: ghsa-malware b26088266049a671acc67187ede8f130532eb10e90e61293e96211f7ad0c1103 Any...

5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 8:44 p.m.5 views

CVE-2026-1999 Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enableautomerge mutation for pull requests. This issue only affect...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/01/06 11:25 a.m.20 views

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Popular artificial intelligence AI-powered Microsoft Visual Studio Code VS Code forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors...

6.9AI score
Exploits0
OSV
OSV
added 2025/12/18 11:46 a.m.5 views

BIT-PARSE-2025-67727 Parse Server GitHub CI workflow vulnerable to RCE through Improper Privilege Management

Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which...

9.8CVSS6.5AI score0.00365EPSS
Exploits0References4
Rows per page
Query Builder