
36705 matches found

NVD
added 5 days ago, 8 views

CVE-2026-57954

Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across...

CVSS 5.3, EPSS 0.00168
Exploits: 0, References: 2
NVD
added 5 days ago, 9 views

CVE-2026-57320

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

CVSS 7.1, EPSS 0.0018
Exploits: 0, References: 1
ATTACKERKB
added 5 days ago, 5 views

CVE-2026-57320

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

CVSS 7.1, AI score 5.8, EPSS 0.0018
Exploits: 0, References: 2
RedhatCVE
added 5 days ago, 6 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

CVSS 8.2, AI score 5.6, EPSS 0.00161
Exploits: 0, References: 4
OSV
added 5 days ago, 6 views

PYSEC-2026-404 Ludwig framework is vulnerable to insecure deserialization through its predict() method.

The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

CVSS 9.8, AI score 6.5, EPSS 0.006
Exploits: 0, References: 5
OSV
added 5 days ago, 6 views

PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework through 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained method uses torch.load to load the pytorch_model.bin weight file without enabling the security-restrictive...

CVSS 9.8, AI score 6.1, EPSS 0.00409
Exploits: 0, References: 5
OSV
added 5 days ago, 5 views

PYSEC-2026-405 Ludwig framework is vulnerable to insecure deserialization in its model serving component

The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weights_only=True...

CVSS 9.8, AI score 6.5, EPSS 0.00497
Exploits: 0, References: 5
OSV
added 5 days ago, 5 views

PYSEC-2026-519 Ray OS Command Injection vulnerability

A command injection exists in Ray's cpuprofile URL parameter allowing attackers to execute OS commands on the system running the Ray dashboard remotely without authentication...

CVSS 9.8, AI score 7.2, EPSS 0.81512
Exploits: 22, References: 7
Tenable Nessus
added 5 days ago, 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-55677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the...

CVSS 7.5, AI score 5.8, EPSS 0.0043
Exploits: 0, References: 3
Nuclei
added 6 days ago, 42 views

OctoberCMS - Account Takeover

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...

CVSS 9.1, AI score 7.5, EPSS 0.90418
Exploits: 1, References: 3
CVE
added 2026/06/27 1:19 a.m., 10 views

CVE-2023-37524

Technical details (affected product/version, root cause, and remediation) are not publicly available in the provided documents. Monitor for updates from official sources regarding CVE-2023-37524.

CVSS 7.7, AI score 5.8, EPSS 0.00108
Exploits: 0, References: 1
Positive Technologies
added 2026/06/27 12:0 a.m., 12 views

PT-2026-53036

Name of the Vulnerable Software and Affected Versions: HCL Traveler for Microsoft Outlook (HTMO), affected versions not specified. Description: The application is susceptible to security weaknesses because it relies on .NET Framework 4.5, which has reached end-of-life. As this framework no longer...

CVSS 7.7, AI score 5.7, EPSS 0.00108
Exploits: 0, References: 5
Tenable Nessus
added 2026/06/27 12:0 a.m., 8 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

CVSS 9.1, AI score 6.8, EPSS 0.01557
Exploits: 1, References: 2
NVD
added 2026/06/26 5:16 p.m., 7 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

CVSS 7.5, EPSS 0.0043
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/06/26 5:3 p.m., 4 views

Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...

CVSS 8.2, AI score 7.3, EPSS 0.01617
Exploits: 0, Affected Software: 1
EUVD
added 2026/06/26 4:15 p.m., 8 views

EUVD-2026-39800

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

CVSS 7.5, AI score 5.8, EPSS 0.0043
Exploits: 0, References: 1
Cvelist
added 2026/06/26 4:15 p.m., 33 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

CVSS 7.5, EPSS 0.0043
Exploits: 0, References: 1
CVE
added 2026/06/26 4:15 p.m., 14 views

CVE-2026-55677

Echo (Go framework) prior to 4.15.3 and 5.2.0 has a router vs static file handler decoding mismatch: the router uses the raw encoded path while StaticDirectoryHandler unescapes %2F to /, enabling bypass of route-level access controls to read static files without authorization. The vulnerability i...

CVSS 7.5, AI score 5.8, EPSS 0.0043
Exploits: 0, References: 1
Debian CVE
added 2026/06/26 4:15 p.m., 5 views

CVE-2026-55677

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

CVSS 7.5, AI score 5.8, EPSS 0.0043
Exploits: 0
RedhatCVE
added 2026/06/26 3:9 p.m., 7 views

CVE-2026-41567

A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...

CVSS 7.5, AI score 6.4, EPSS 0.00153
Exploits: 0, References: 4