Lucene search
K

339 matches found

Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-5975

Name of the Vulnerable Software and Affected Versions Comic Book Reader version 1.0.95 Description A flaw exists in the file import process of Comic Book Reader that allows for arbitrary file overwrites. Successful exploitation could lead to arbitrary code execution or the disclosure of sensitive...

6.5CVSS6.2AI score0.00465EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2026/01/26 9:53 p.m.3 views

CVE-2026-23890

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

6.5CVSS5.9AI score0.00438EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/26 9:17 p.m.9 views

CVE-2026-23986

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

7.1CVSS6AI score0.00224EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/01/25 11:31 a.m.131 views

Vulnserver-Buffer-Overflow-Automation

Vulnserver-Buffer-Overflow-Automation A modular Python 3 autom...

6AI score
Exploits0
OSV
OSV
added 2026/01/21 11:6 a.m.2 views

OPENSUSE-SU-2026:20072-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files bsc1252376. - CVE-2025-9566: kube play command may overwrite host files bsc1249154...

8.4CVSS5.9AI score0.01008EPSS
Exploits4References6
RedhatCVE
RedhatCVE
added 2026/01/21 7:19 a.m.12 views

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

5.2CVSS5.5AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.13 views

PT-2026-3545

Name of the Vulnerable Software and Affected Versions TYPO3 FileSpool Extension affected versions not specified Description The FileSpool extension for TYPO3 contains a flaw related to Insecure Deserialization. The extension’s code, derived from the TYPO3 core, reintroduces a previously addressed...

5.2CVSS5.4AI score0.00122EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : php:7.4 (AXSA:2022-3857:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3857:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : php-pear-1.9.4-23.el7 (AXSA:2022-4004:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4004:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References4
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

GuardDog 路径遍历漏洞

GuardDog is a CLI tool in GuardDog open source that allows identifying malicious PyPI packages. A path traversal vulnerability exists in GuardDog versions prior to 2.7.1, which stems from the presence of path traversal in the safeextract function, which could lead to arbitrary file overwriting an...

9.8CVSS6.3AI score0.00946EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.11 views

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.3.el7.AXS7 (AXSA:2025-10789:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10789:04 advisory. CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory...

6.8CVSS7.4AI score0.58204EPSS
Exploits9References4
EUVD
EUVD
added 2026/01/10 5:43 a.m.5 views

EUVD-2026-1873

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

8.8CVSS6.7AI score0.00392EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.19 views

CVE-2020-10665

Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker...

7.2CVSS7.2AI score0.01435EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-20978

Name of the Vulnerable Software and Affected Versions libssh-config versions prior to 0.11.4-1.1 Description The software is susceptible to a denial of service condition resulting from inefficient handling of regular expressions. Recommendations Update to libssh-config version 0.11.4-1.1 or later...

8.2CVSS6.2AI score0.00582EPSS
Exploits0References108
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-20976

Name of the Vulnerable Software and Affected Versions libssh-config affected versions not specified Description The software is susceptible to a denial of service due to improper handling of configuration files. Recommendations At the moment, there is no information about a newer version that...

8.2CVSS6.2AI score0.00582EPSS
Exploits0References109
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.4 views

CVE-2025-68144

In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

6.3CVSS7.3AI score0.0728EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

Model Context Protocol Servers 参数注入漏洞

Model Context Protocol Servers is a large model context protocol server from Model Context Protocol open source. A parameter injection vulnerability exists in versions of Model Context Protocol Servers prior to 2025.12.17, which stems from the gitdiff and gitcheckout functions passing...

7.1CVSS7.2AI score0.0728EPSS
Exploits0References2
CVE
CVE
added 2025/12/15 2:25 p.m.19 views

CVE-2025-13950

CVE-2025-13950 affects the OneSignal – Web Push Notifications WordPress plugin. It allows unauthenticated modification of data (App ID, REST API key, and notification behavior) via POST requests due to a missing capability check in settings handling for all versions up to 3.6.1. The issue is netw...

5.3CVSS5AI score0.003EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 7:42 a.m.9 views

Arbitrary File Upload

open-webui is vulnerable to Arbitrary File Upload. The vulnerability is due to insufficient validation of uploaded file content types and user-controlled filenames, which allows an attacker to overwrite critical files and potentially execute arbitrary code...

8.1CVSS8.1AI score0.00881EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 5:12 a.m.4 views

Unrestricted File Upload

dnn.platform is vulnerable to Unrestricted File Upload. The vulnerability is due to the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files, which allows an attacker to upload malicious files, deface the website, and potentially inject XSS payloads...

10CVSS5.8AI score0.44656EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder