Lucene search
K

10159 matches found

Debian CVE
Debian CVE
added 2026/06/30 10:37 p.m.5 views

CVE-2026-13807

Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. Chromium security severity: High...

7.5CVSS6.2AI score0.00286EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:37 p.m.14 views

CVE-2026-13807

CVE-2026-13807 describes a use-after-free in Import for Google Chrome on iOS, exploited by convincing a user to perform specific UI gestures to run arbitrary code via a malicious file. Affected product: Google Chrome for iOS (before 150.0.7871.47). Root cause: use-after-free in the Import path. I...

7.5CVSS6.2AI score0.00286EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58174

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS0.00265EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 3:55 p.m.12 views

CVE-2026-58174

Hermes WebUI

6.5CVSS5.8AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 3:55 p.m.6 views

EUVD-2026-40355

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:55 p.m.5 views

CVE-2026-58174

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54084

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description A use after free issue exists in the Import component. This occurs when a remote attacker convinces a user to perform specific UI gestures, potentially leading to arbitrary code...

9.6CVSS6.6AI score0.00413EPSS
Exploits0References439
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-40941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which...

7.1CVSS6.7AI score0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 p.m.12 views

CVE-2026-57953

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS0.00249EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 5:21 p.m.9 views

EUVD-2026-40138

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-463 PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

9.9CVSS6.4AI score0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-395 LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

9.8CVSS7.3AI score0.00528EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.8AI score0.01441EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 7:28 a.m.11 views

MAL-2026-6590 Malicious code in envfile-sync-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 097a9a647e6d99cd53b881cae4fdd747d03b319388107c946c70b8804d3d917b On every import of envfile-sync-cli, src/index.js calls process.dlopen on bin/native/parser.node — a 2.9MB Windows PE executable sha256...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:21 a.m.10 views

Malicious code in @epic-common/observability-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 11:3 a.m.9 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with t...

5CVSS6AI score0.0017EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 9:41 p.m.8 views

Malicious code in @osmura/treeify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4643c1f27e4916ea6090f1e6196c980fa1d65b96899a80b1f57633eaf16a61a9 The package republishes the upstream treeify library Luke Plaster, repo notatestuser/treeify verbatim under the unrelated @osmura scope, preserving t...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/26 5:16 p.m.3 views

DEBIAN-CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1References1
Rows per page
Query Builder