Lucene search
K

2345 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-47115

Stack overflow in lua resume of ldo.c in Lua Interpreter 5.1.05.4.4 allows attackers to perform a Denial of Service via a crafted script file...

5.5AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.22 views

PT-2026-47116

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.05.4.3 allows attackers to perform Sandbox Escape via a crafted script file...

5.5AI score
Exploits0References6
Fedora
Fedora
added 2026/05/23 4:1 p.m.12 views

[SECURITY] Fedora 42 Update: python3.15-3.15.0~b1-1.fc42

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

9.1CVSS6.5AI score0.00579EPSS
Exploits0
Fedora
Fedora
added 2026/05/23 12:58 a.m.11 views

[SECURITY] Fedora 44 Update: python3.15-3.15.0~b1-1.fc44

Python 3.15 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.15 package provides the "python3.15" executable:...

9.1CVSS6.5AI score0.00579EPSS
Exploits0
OSV
OSV
added 2026/05/22 8:27 a.m.12 views

MAL-2026-4752 Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a.pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/20 7:28 a.m.10 views

MAL-2026-4466 Malicious code in @weirdorg/config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28e2fe6ac03c8e426aeb69f62bf0b2bd4dfdb06a5acee273bb5967186c5504d @weirdorg/config impersonates the widely-used config node-config package, copying its README verbatim including the require'config' usage example. Th...

6.3AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: A memory leak was fixed in loadelfbinary. There is also a memory leak reported by kmemleak: Unreferenced object: 0xffff88817104ef80 size: 224 Reported by comm "xfsadmin", pid 47165, jiffies: 4298708825 age: 1333.476...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in GhostScript

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in the sampleddatasample function called from sampleddatacontinue and interp...

5.5CVSS6AI score0.0136EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in GhostScript

In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...

9.8CVSS8.4AI score0.06341EPSS
Exploits1References2
NVD
NVD
added 2026/05/12 10:16 a.m.16 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

8.7CVSS0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.8 views

CVE-2026-43584

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 9:31 p.m.7 views

GHSA-XRGF-R9GR-JJJF Duplicate Advisory: OpenClaw: Exec environment denylist missed high-risk interpreter startup variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vfp4-8x56-j7c5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environmen...

8.8CVSS5.8AI score0.00392EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.8 views

CVE-2026-43584

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient blacklists for execution environment policy environment variables, which might allow...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References1
Redos
Redos
added 2026/05/05 12:0 a.m.14 views

ROS-20260505-73-0073

A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.8AI score0.02203EPSS
Exploits2
Redos
Redos
added 2026/05/05 12:0 a.m.7 views

ROS-20260505-73-0067

A vulnerability in the base64 module of the Python programming language interpreter is related to incorrect data type conversion. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code...

6.3CVSS6.2AI score0.00513EPSS
Exploits1
Redos
Redos
added 2026/05/05 12:0 a.m.13 views

ROS-20260505-73-0065

A vulnerability in the base64 module of the Python programming language interpreter is related to incorrect data type conversion. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code...

6.3CVSS6.2AI score0.00513EPSS
Exploits1
Redos
Redos
added 2026/05/05 12:0 a.m.12 views

ROS-20260505-73-0039

A vulnerability in the plistlib module of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

5.5CVSS7.1AI score0.00193EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.15 views

ROS-20260505-73-0038

A vulnerability in the plistlib module of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

5.5CVSS7.1AI score0.00193EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.20 views

ROS-20260505-73-0036

A vulnerability in the plistlib module of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker to cause a denial of service...

5.5CVSS7.1AI score0.00193EPSS
Exploits0
Rows per page
Query Builder