Lucene search
K

3323 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 5:43 p.m.15 views

CVE-2026-44652 SillyTavern: SSRF vulnerability in the CORS proxy middleware

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:43 p.m.13 views

EUVD-2026-33399

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, corsProxyMiddleware forwards req.params.url directly into fetchurl, .... It only blocks circular...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

SillyTavern 代码问题漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 had code vulnerabilities. This vulnerability stemmed from the corsProxyMiddleware module, which directly forwarded req.params.url to fetchurl, .... This allowed loop request...

6.9CVSS5.9AI score0.00375EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:9 a.m.8 views

net: bridge: use a stable FDB dst snapshot in RCU readers

...

7CVSS5.4AI score0.00123EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:32 p.m.12 views

CVE-2026-45322

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in the shell action replay path. In affected releases, ShellReceiver.runshell passes a command string...

7.8CVSS5.7AI score0.01722EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 5:17 p.m.10 views

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/27 12:58 p.m.13 views

EUVD-2026-32469

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.8AI score0.00123EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/27 12:58 p.m.9 views

CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.60 views

CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nestedsvml2tlbflushenabled is true, and the hypercall is something...

7.9CVSS0.00121EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:16 a.m.18 views

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

...

9.1CVSS5.8AI score0.00525EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the net module using the unnecessary WARNONONCE macro when accessing the forwarding path array...

5.8AI score0.00156EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.10 views

CVE-2026-46086

net: bridge: use a stable FDB dst snapshot in RCU readers...

5.8AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bridge FDB entries not using stable dst snapshots during RCU reading operations. This vulnerabili...

5.8AI score0.00123EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43953

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A flaw exists in the bridge component of the Linux kernel where local Forwarding Database FDB entries can be rewritten in place by the fdb delete local function. This process updates the...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
CVE
CVE
added 2026/05/26 10:1 p.m.59 views

CVE-2026-45298

Dozzle CVE-2026-45298 describes a pre-auth SSRF in default deployments. Before version 10.5.2, POST /api/notifications/test-webhook accepts an attacker-controlled URL and headers, forwards them to a WebhookDispatcher, and returns the downstream response status code plus up to 1 MB of the response...

8.6CVSS5.9AI score0.01491EPSS
Exploits1References2Affected Software1
Amazon
Amazon
added 2026/05/26 12:0 a.m.21 views

Important: oci-add-hooks

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.5AI score0.00813EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.9 views

CVE-2026-47071

Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...

8.2CVSS5.7AI score0.00703EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-39832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination...

9.1CVSS6.1AI score0.00525EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.30 views

PT-2026-43068

Name of the Vulnerable Software and Affected Versions hackney versions 0.10.0 through 4.0.0 Description Uncontrolled Resource Consumption in the SOCKS5 transport within src/hackney socks5.erl allows flooding. While the caller-supplied timeout is applied during the SOCKS5 negotiation phase, the...

8.2CVSS5.8AI score0.00703EPSS
Exploits1References9
Rows per page
Query Builder