Lucene search
K

274 matches found

OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2813 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/29 3:11 p.m.55 views

Exploit for SQL Injection in Drupal

CVE-2026-9082 Drupal PostgreSQL SQLi to RCE This repository c...

9.8CVSS6.2AI score0.84631EPSS
Exploits14
NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 4:15 a.m.40 views

CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:15 a.m.8 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS5.4AI score0.00199EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/29 4:15 a.m.21 views

CVE-2026-13534

CherryHQ cherry-studio (up to v1.9.7) contains a memory-access issue in the CherryIN Preload API component: MemoryService.ts sha256 function. According to the CVE entry, manipulating the argument state can bypass authorization, and the attack can be initiated remotely with high complexity; exploi...

5CVSS5.4AI score0.00199EPSS
Exploits0References7
NVD
NVD
added 2026/06/27 9:16 a.m.8 views

CVE-2026-49413

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

7.1CVSS0.00098EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/27 9:8 a.m.36 views

CVE-2026-49413 Flaw in Linuxulator execution of setugid binaries

The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. A...

0.00098EPSS
Exploits1References1
CVE
CVE
added 2026/06/27 9:8 a.m.127 views

CVE-2026-49413

The CVE-2026-49413 issue affects the Linuxulator in FreeBSD, where the runtime determines set-user-ID/set-group-ID status by the P_SUGID flag. During execve, P_SUGID is not yet set when the ELF auxiliary vector is constructed, causing AT_SECURE to be incorrectly set to zero for setuid/setgid exec...

7.1CVSS5.8AI score0.00098EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache metadata: fix memory leak on metadata abort retry When failing to acquire the rootlock in dmcachemetadataabort because the blockmanager is read-only, t...

6AI score0.00184EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53061

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af dm cache: share cache-metadata object across inactive and...

6AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53061

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...

0.00176EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 4:30 p.m.6 views

EUVD-2026-38929

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix dirty mapping checking in passthrough mode switching As mentioned in commit 9b1cc9f251af "dm cache: share cache-metadata object across inactive and active DM tables", dm-cache assumed table reload occurs after...

5.7AI score0.00176EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:30 p.m.6 views

CVE-2026-53061

CVE-2026-53061 affects Linux kernel dm-cache. Concrete details in connected documents show a fix for dirty mapping checking in passthrough mode switching, addressing a preload-time issue that could load dirty mappings into passthrough mode and cause data loss. The root cause involves table reload...

5.7AI score0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/16 3:16 p.m.29 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48523

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A privilege escalation flaw exists in the Linuxulator, a compatibility layer that allows Linux binaries to run on FreeBSD. A logic bug related to AT SECURE occurs during setuid execution...

7.1CVSS5.5AI score0.00098EPSS
Exploits1References14
NVD
NVD
added 2026/06/09 2:16 p.m.18 views

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 1:23 p.m.32 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS0.00137EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.9 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
Rows per page
Query Builder