Lucene search
+L

7983 matches found

cve
cve
added yesterday21 views

CVE-2026-44019

Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...

8.1CVSS6.1AI score0.0004EPSS
Exploits0References2
cve
cve
added yesterday5 views

CVE-2026-59867

CVE-2026-59867 affects Kiota, an OpenAPI-based HTTP client code generator. Before 1.32.5, Kiota’s OpenAPI $ref resolution could fetch remote http(s) URLs or read local absolute/out-of-tree file paths, enabling build‑time SSRF, remote file inclusion, and local file inclusion when generating client...

7.1CVSS6.2AI score
Exploits0References4
cve
cve
added 2 days ago6 views

CVE-2026-59259

CVE-2026-59259 affects n8n released until versions 1.123.61, 2.27.4, and 2.28.1. The vulnerability is a permission bypass in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user who can create or update credent...

6.5CVSS6.2AI score0.00344EPSS
Exploits0References2Affected Software1
redhat
redhat
added 4 days ago5 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS6.2AI score0.00353EPSS
Exploits8References12
circl
circl
added 4 days ago5 views

CVE-2026-57768

creationtimestamp| type| source ---|---|--- 2026-07-13 10:58:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjjwtdbq32z 2026-07-13 11:32:44+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjlsx6hqk2a 2026-07-16 07:57:31+00:00| seen|...

8.2CVSS6.1AI score0.00228EPSS
Exploits0References3
circl
circl
added 6 days ago10 views

CVE-2026-61447

creationtimestamp| type| source ---|---|--- 2026-07-11 14:28:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqeup5otvv2b 2026-07-11 14:36:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev5jlzua2c 2026-07-11 15:00:53+00:00| seen|...

10CVSS6.1AI score0.00544EPSS
Exploits0References8
redhatcve
redhatcve
added last week7 views

CVE-2026-7492

A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitiv...

5.3CVSS6AI score0.00254EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/07/09 1:19 p.m.6 views

CVE-2026-59819

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...

4.9CVSS6AI score0.00258EPSS
Exploits0References6
nessus
nessus
added 2026/07/09 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7492

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References2
nessus
nessus
added 2026/07/09 12:0 a.m.7 views

GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References5
snyk
snyk
added 2026/07/08 10:39 p.m.7 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00258EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 9:16 p.m.7 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

5.3CVSS0.00254EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 8:46 p.m.33 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00254EPSS
Exploits0References3
euvd
euvd
added 2026/07/08 8:46 p.m.6 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References3
cve
cve
added 2026/07/08 8:46 p.m.68 views

CVE-2026-7492

GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...

5.3CVSS6AI score0.00254EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
osv
osv
added 2026/07/08 8:16 p.m.4 views

UBUNTU-CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS6.1AI score0.00252EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/08 7:33 p.m.34 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS0.00258EPSS
Exploits0References3
cve
cve
added 2026/07/08 7:33 p.m.11 views

CVE-2026-59819

LiteLLM (proxy for LLM APIs) prior to 1.83.10-stable has a local file read risk via the /health/test_connection endpoint. A privileged caller (e.g., proxy administrator) could supply environment/oidc/file references in litellm_params to read arbitrary local files, exposing sensitive contents. The...

4.9CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/08 7:33 p.m.5 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS6.1AI score0.00258EPSS
Exploits0References5
Rows per page
Query Builder