Lucene search
K

6949 matches found

OSV
OSV
added 2026/05/13 4:27 a.m.4 views

MAL-2026-3683 Malicious code in @dropout-ai/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2121b923a39177ed68ce5cf066cbb07891b7cb5d20ecf5ec66f2c953634eff10 On require/import, src/index.js replaces global.fetch with a wrapper that intercepts every fetch whose URL matches openai.com, anthropic.com,...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

SAMSUNG System Support Service 安全漏洞

SAMSUNG System Support Service is a support component for Samsung devices provided by the South Korean company Samsung. Versions of SAMSUNG System Support Service prior to 8.0.8.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, and could allow...

6.3CVSS5.8AI score0.00091EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper export of Android applicatio...

7.8CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the functions netshapernlgetdoit and netshapernlcapgetdoit. These functions incorrectly call nlmsgfree...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox for Node.js developed by Patrik Simek from Czech Republic. It allows for the execution of untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 have security vulnerabilities; these vulnerabilities stem fro...

5.8CVSS6AI score0.00248EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40572

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

5.1CVSS5.8AI score0.00094EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

U-SPEED AC1200 安全漏洞

The U-SPEED AC1200 is a Gigabit dual-band Wi-Fi router produced by the U-SPEED company. The U-SPEED AC1200 Gigabit Wi-Fi Router T18-21K V1.0 version has a security vulnerability. This vulnerability stems from improper access control; the UART interface exposed by the device lacks an authenticatio...

6.8CVSS5.8AI score0.00299EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 6:30 p.m.5 views

GHSA-G76P-4VG5-F4QH llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29559

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

6.3AI score0.00327EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

llm CLI tool contains a code injection vulnerability via `--functions` command-line argument

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/12 6:30 p.m.6 views

GHSA-CFPG-C974-JFHQ PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.7AI score0.00631EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.10 views

PySyft server-side arbitrary Python execution after code approval

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS6.7AI score0.00631EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/12 6:16 p.m.7 views

DEBIAN-CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:16 p.m.8 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS0.00327EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/12 6:16 p.m.7 views

CVE-2026-31236

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

9.8CVSS6.3AI score0.00327EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 4:16 p.m.8 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8CVSS0.00631EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:56 a.m.7 views

BIT-PHP-MIN-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 8:50 a.m.8 views

BIT-LIBPHP-2026-6104 Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00469EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 4:24 a.m.6 views

MAL-2026-3562 Malicious code in @uipath/packager-tool-functions (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ecd70af63416c44f0ddb62846ccd313a62afda6fb1664a7cc989789cd983a6cf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
CVE
CVE
added 2026/05/12 3:56 a.m.20 views

CVE-2026-7287

The CVE affects Zyxel NWA1100-N customized firmware 1.00(AACE.1)C0, specifically the webs binary and its functions formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert(). The root cause is a buffer overflow in these functions, which could allow an attacker to trigger a d...

7.5CVSS6AI score0.00309EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder