Lucene search
K

159 matches found

Debian CVE
Debian CVE
added 2 days ago6 views

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets. When the server returns a 3xx redirect, mayberedirect follows the Location: header and prepareheadersandcb re-merges the caller's headers argument into the new request, without checking whether...

7.1CVSS6AI score0.0026EPSS
Exploits0
OSV
OSV
added 2 days ago4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 12:58 p.m.30 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS0.00305EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...

7CVSS6.6AI score0.00351EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 4:44 p.m.5 views

GHSA-GV2Q-MQQV-365M Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities

An issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new Request object using an internal helper function. During thi...

5.7CVSS5.5AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 1:28 p.m.9 views

GHSA-9GW6-46QC-99VR Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS5.8AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 12:34 a.m.12 views

EUVD-2026-35917

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

5.5CVSS5.4AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 5:52 p.m.13 views

GHSA-Q8CJ-789H-VG24 OpenBao's Inline Auth Incorrectly Redacted Headers

Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...

5.4CVSS5.8AI score0.00029EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

AppLockZ - TrustedApp App Lock and Fingerprint Lock 安全漏洞

AppLockZ - TrustedApp App Lock and Fingerprint Lock is a mobile application security tool developed by AppLockZ - TrustedApp. Version 4.2.11 of AppLockZ - TrustedApp App Lock and Fingerprint Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a...

2.4CVSS5.8AI score0.00186EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ipv4: Prevent potential spectre v1 gadgets in ipmetricsconvert if !type continue; if type RTAXMAX return -EINVAL; ... metricstype - 1 = val; @type is used as an array index, and we need to prevent CPU speculation or risk leaking...

5.5CVSS6.2AI score0.00247EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42206

Impact On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that...

5.8AI score0.00025EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of sensitive information being included in URL parameters, potentially leading to leaks through browser history, logs, or intermediate syste...

2.6CVSS5.8AI score0.00115EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.10 views

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36778

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.8AI score0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.34 views

CVE-2026-37504

Sensitive servertoken exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmission. The token appears in URLs such as /api/v1/server/UniProxy/user?token=SECRET, causing it to be...

5.3CVSS0.00286EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35374

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

7.7CVSS5.2AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the fact that the mktemp utility fails to properly handle the empty TMPDIR environment variable. Unlike GNU mktemp,...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 11:18 p.m.11 views

Permissive Cross-domain Policy with Untrusted Domains

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the allowOrigin function. An attacker can access sensitive user data and perform unauthorized actions by...

8.6CVSS5.7AI score0.00335EPSS
Exploits1References2
Rows per page
Query Builder