Lucene search
K

1159 matches found

vulnrichment
vulnrichment
added 2026/06/04 5:55 p.m.8 views

CVE-2026-41237 Froxlor has an incomplete fix for CVE-2026-30932

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.4AI score0.00269EPSS
Exploits0References3
cve
cve
added 2026/06/04 5:55 p.m.20 views

CVE-2026-41237

Froxlor CVE-2026-41237 affects versions 2.3.6 and earlier, where the LOC record regex uses \s+ allowing embedded newlines, TLSA matchingType=0 has no upper bound on hex data length, and validators return raw input without zone-file escaping. Version 2.3.7 includes an updated patch. Technical deta...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References3
euvd
euvd
added 2026/06/04 5:55 p.m.11 views

EUVD-2026-34316

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS5.8AI score0.00269EPSS
Exploits0References3
nvd
nvd
added 2026/06/04 4:16 p.m.13 views

CVE-2026-10813

A flaw has been found in LMCache up to 0.4.6. This affects the function hexhashtoint16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high level ...

3.6CVSS0.00075EPSS
Exploits0References7
cve
cve
added 2026/06/04 2:45 p.m.22 views

CVE-2026-10813

Technical details about CVE-2026-10813 are not publicly available in the provided documents. Monitor for updates from LMCache advisories for affected components, impact, and patch availability.

3.6CVSS5.1AI score0.00075EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.19 views

PT-2026-46251

A flaw has been found in LMCache up to 0.4.6. This affects the function hex hash to int16 of the file lmcache/integration/vllm/utils.py of the component KV Cache Handler. Executing a manipulation can lead to use of weak hash. The attack needs to be launched locally. The attack requires a high lev...

3.6CVSS5.1AI score0.00075EPSS
Exploits0References8
susecve
susecve
added 2026/06/03 2:24 a.m.12 views

SUSE CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References3
euvd
euvd
added 2026/06/02 1:41 p.m.11 views

EUVD-2026-33928

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/02 1:41 p.m.9 views

CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/02 1:41 p.m.34 views

CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS0.00132EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/02 1:41 p.m.10 views

CVE-2026-42795

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable directories...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References5
osv
osv
added 2026/06/02 1:41 p.m.12 views

EEF-CVE-2026-42795 Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Summary Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleamfiles, nativefiles, privatefiles in compiler-cli/src/fs.rs use followlinkstrue when walking publishable...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References3
cve
cve
added 2026/06/02 1:41 p.m.35 views

CVE-2026-42795

Gleam: Symlink following in Hex package export vulnerability (CVE-2026-42795) allows embedding files outside the project root into the generated Hex package. Root cause: file collection in compiler-cli/src/fs.rs uses follow_links(true) for publishable directories (e.g., src/, priv/) and add_path_...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.14 views

PT-2026-45756

Name of the Vulnerable Software and Affected Versions Gleam versions 0.10.0-rc1 through 1.17.0 Description A symlink following issue in the Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleam files, native...

5.1CVSS5.6AI score0.00132EPSS
Exploits0References15
hackerone
hackerone
added 2026/05/31 5:50 p.m.24 views

curl: curl/libcurl 8.20.0 NOPROXY bypass via uppercase-hex IPv4 aliases leaks off-proxy Basic credentials to the configured proxy

Summary: curl/libcurl 8.20.0 fails to enforce CURLOPTNOPROXY, --noproxy, and NOPROXY consistently for uppercase-hex IPv4 aliases such as 0X7f.1 on glibc-based systems that accept these legacy numeric IPv4 forms. When a canonical IP literal is excluded from proxying, curl sends the canonical form...

5.8AI score
Exploits0
osv
osv
added 2026/05/26 8:37 a.m.18 views

MAL-2026-4791 Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

6.1AI score
Exploits0References2
alpinelinux
alpinelinux
added 2026/05/21 7:35 a.m.14 views

CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.16 views

PT-2026-42431

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: The PMK parameter is now passed as binary data, rather than hexadecimal data. It appears that the hexadecimal passphrase mechanism does not work on newer chips/firmwares e.g., BCM4387. There was actually...

5.3AI score0.00191EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between “&” and “x…” in a hexadecimal character reference &x…. This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the only...

8.7CVSS6.7AI score0.01429EPSS
Exploits0References2
Rows per page
Query Builder