Lucene search
K

14598 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-389 litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the adddeployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

9.8CVSS7.6AI score0.00875EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/29 4:30 a.m.7 views

EUVD-2026-40032

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:30 a.m.7 views

CVE-2026-13535

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/29 12:0 a.m.5 views

CVE-2026-51221

CVE-2026-51221 describes a buffer overflow in the Get_Attribute_List() function of the EIPStackGroup OpENer project (commit 76b95c) that can cause a Denial of Service when processing a crafted CPF packet. Affected component is the OpENer EIP stack; the root cause is a buffer overflow in the Get_A...

7.5CVSS6AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.20 views

CVE-2026-51221

A buffer overflow in the GetAttributeList function of EIPStackGroup OpENer commit 76b95c allows attackers to cause a Denial of Service DoS via supplying a crafted Common Packet Format CPF packet...

0.00351EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/29 12:0 a.m.5 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.8AI score0.00701EPSS
Exploits0
Amazon
Amazon
added 2026/06/29 12:0 a.m.6 views

Critical: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...

9.8CVSS5.9AI score0.00701EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/28 11:0 p.m.36 views

CVE-2026-13513 MyScale MyScaleDB SegmentId.h getCacheKey data authenticity

A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack...

5CVSS0.00133EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.16 views

dotCMS Core Publish Audit API - Unauthenticated SQL Injection

dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...

10CVSS6AI score0.01584EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/28 11:15 a.m.8 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS4.9AI score0.00411EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when check...

7.1CVSS6.2AI score0.00153EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:10 a.m.6 views

netfilter: nft_ct: bail out on template ct in get eval

...

7.8CVSS5.8AI score0.00128EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.5 views

mm/memory-failure: fix hugetlb_lock AA deadlock in get_huge_page_for_hwpoison

...

5.5CVSS5.8AI score0.00099EPSS
Exploits0
OSV
OSV
added 2026/06/26 8:24 p.m.3 views

JLSEC-2026-647 It is possible to cause an use-after-free write in SANM decoding with a carefully crafted...

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type...

8.7CVSS6AI score0.00167EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 6:16 p.m.9 views

CVE-2026-47221

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...

7.5CVSS0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/26 5:35 p.m.7 views

EUVD-2026-39823

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...

5.9CVSS6AI score0.00445EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.6 views

SUSE CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

7.1CVSS6AI score0.00153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.8 views

SUSE CVE-2026-53219

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 1:27 a.m.35 views

CVE-2026-13226 Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00281EPSS
Exploits0References8
Rows per page
Query Builder