Lucene search
K

21603 matches found

EUVD
EUVD
added 2026/06/29 1:0 p.m.8 views

EUVD-2026-40089

A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects some unknown processing of the file /index.php of the component API. Such manipulation of the argument clicklike leads to sql injection. The attack can be executed remotely. The exploit has been...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 1:0 p.m.15 views

CVE-2026-13569

The CVE-2026-13569 entry concerns weng-xianhu EyouCMS (up to version 1.7.1). A vulnerability in the API’s /index.php processing of the click_like argument enables SQL injection. The issue can be exploited remotely and public exploit information has been disclosed. The documents do not provide a p...

5.8CVSS5.6AI score0.0021EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 12:4 p.m.8 views

ROOT-APP-PYPI-GHSA-6V7P-G79W-8964 GHSA-6v7p-g79w-8964 in rootio-msgpack - Patched by Root

Root has patched GHSA-6v7p-g79w-8964 in the rootio-msgpack package for Root:PyPI. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-396 llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

9.8CVSS8.1AI score0.02862EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.12 views

PYSEC-2026-397 llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

9.8CVSS7.6AI score0.00951EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-293 BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Summary bbot's gitdumper.py insufficiently sanitises a .git/config file, leading to Remote Code Execution RCE. bbot's gitdumper.py can be made to consume a malicious .git/index file, leading to arbitrary file write which can be used to achieve Remote Code Execution RCE. Impact A user who uses bbo...

9.6CVSS6.2AI score0.00447EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-398 llama-index-packs-finchat SQL Injection vulnerability

A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...

10CVSS8AI score0.01311EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/29 8:43 a.m.5 views

CVE-2026-57235

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability allows an attacker to trigger an out-of-bounds read by providing a specially crafted large negative index to certain methods. This can lead to a denial of service DoS by crashing the application on CRuby, or by...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 3:0 a.m.18 views

CVE-2026-13529

CVE-2026-13529 : In YzmCMS (up to v7.5), a vulnerability affects an unknown function in /application/install/index.php where manipulating the siteurl parameter can cause SQL injection. The issue is exploitable remotely with high attack complexity and partial confidentiality/integrity/availability...

6.3CVSS5.8AI score0.00239EPSS
Exploits0References5
OSV
OSV
added 2026/06/28 4:55 p.m.9 views

MAL-2026-6560 Malicious code in tdata-grabber (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b4c3b37df5e3d08d7bc6ad736e0231ed0dc655640ffdf0dc403f4029ace2787 Package name explicitly declares its purpose as harvesting Telegram Desktop session data tdata directory. The tdata folder contains live authenticate...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/28 12:11 a.m.6 views

OSV-2026-987 Index-out-of-bounds in print_insn_tic6x

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528509499 Crash type: Index-out-of-bounds Crash state: printinsntic6x disassemblesection bfdmapoversections...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53172

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value o...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/27 1:12 a.m.5 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03459EPSS
Exploits4
EUVD
EUVD
added 2026/06/26 9:47 p.m.13 views

EUVD-2026-31654

Cargo can be coerced to share credentials between registries...

6.5CVSS7.1AI score0.00328EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 7:41 p.m.8 views

EUVD-2026-39841

In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...

5.8AI score0.00123EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 2:23 p.m.3 views

PYSEC-2026-235 Malicious code in ppkt2synergy (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of ppkt2synergy were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials an...

5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/26 2:17 p.m.4 views

PYSEC-2026-234 Malicious code in phenopacket-store-toolkit (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of phenopacket-store-toolkit were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:18 a.m.6 views

CVE-2026-53172

A flaw was found in the Linux kernel's accel/ethosu component. An incorrect mask used when processing the NPUSETIFMREGION command allows a local userspace caller to provide an out-of-bounds region index. This can lead to an out-of-bounds write, corrupting adjacent kernel heap data...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52945

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An off-by-one error exists in the hvc iucv tty driver. The issue occurs when the hvc iucv devices counter equals 8, which is the maximum value defined by MAX HVC IUCV LINES. Due to an...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References21
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5402 SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel

SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel...

7.2CVSS5.9AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder