Lucene search
K

86 matches found

Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-58579 RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS0.00182EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.7 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.8 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.6 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.12 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.7 views

mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.10 views

CVE-2026-49261

A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...

10CVSS6.5AI score0.00998EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: unittest: Fix null pointer dereferencing in ofunittestfindnodebyname Description: When kmalloc fails to allocate memory in kasprintf, variables like name or fullname will be NULL. In this case, strcmp will cause a null...

5.2AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:13 p.m.12 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00998EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 5:13 p.m.44 views

CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS0.00998EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/11 5:13 p.m.9 views

CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.9AI score0.00998EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

MariaDB Server 命令注入漏洞

MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...

10CVSS5.9AI score0.00998EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:33 p.m.6 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00531EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00531EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.8 views

Amazon Linux 2023 : perl-XML-LibXML, perl-XML-LibXML-tests (ALAS2023-2026-1795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1795 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Prevent NULL dereferencing in cifscomposemountoptions. The optional @ref parameter may contain a NULL nodename. Therefore, prevent dereferencing it in cifscomposemountoptions. Addresses-Coverity: 1476408 “Explicit NULL...

5.5CVSS5.8AI score0.00235EPSS
Exploits0References2
Mageia
Mageia
added 2026/05/14 2:43 a.m.18 views

Updated perl-XML-LibXML packages fix security vulnerability

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. CVE-2026-8177...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/10 8:48 p.m.9 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

5.8AI score0.00531EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/10 8:48 p.m.44 views

CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

0.00531EPSS
Exploits0References3
CVE
CVE
added 2026/05/10 8:48 p.m.33 views

CVE-2026-8177

XML::LibXML for Perl versions up to 2.0210 parses XML node names containing truncated UTF-8 byte sequences, causing out-of-bounds reads in heap memory when a node name ends mid-multi-byte UTF-8. This can crash the Perl process and lead to denial of service. Evidence across multiple sources (NVD/S...

7.5CVSS5.8AI score0.00531EPSS
Exploits0References8
Rows per page
Query Builder