Lucene search
K

186 matches found

CVE
CVE
added 2026/06/30 10:8 p.m.20 views

CVE-2026-56377

ImageMagick vulnerable to a policy- bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus

Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...

7.5CVSS5.9AI score0.00326EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 6:34 p.m.16 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-50023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary...

9.6CVSS6AI score0.00555EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS0.00555EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/06/23 4:8 p.m.6 views

CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

9.6CVSS6AI score0.00555EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

Before version 124.0.6367.207, writing out-of-bounds data in V8 using Google Chrome allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.11007EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Chromium, and LibWebP

A heap buffer overflow in libwebp in Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.3AI score0.99735EPSS
Exploits9References2
OSV
OSV
added 2026/06/03 2:10 p.m.5 views

SUSE-SU-2026:2243-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248707 golang-github-prometheus-nodeexporter: - Backward Compatibility and packaging changes: - Added compatibility...

9.8CVSS8AI score0.05994EPSS
Exploits2References43
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Amazon Kiro IDE 安全漏洞

Amazon Kiro IDE is an integrated development environment developed based on AI specifications by Amazon, Inc. Versions of Amazon Kiro IDE prior to 0.11 contained a security vulnerability. This vulnerability stemmed from insufficient access control restrictions in the file writing tool, allowing...

8.8CVSS5.5AI score0.00373EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.13 views

Open5GS 缓冲区错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a buffer error vulnerability. This vulnerability stems from the handlescpinfo function in the Shared NF-profile Parser...

5.3CVSS6AI score0.00276EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 7:17 p.m.14 views

CVE-2026-9291

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS0.0038EPSS
Exploits0References3
CVE
CVE
added 2026/05/22 6:12 p.m.25 views

CVE-2026-9291

Summary: CVE-2026-9291 describes an insecure deserialization flaw in the Amazon Braket SDK’s job results processing. Affected software: Amazon Braket SDK (job results processing component) before version 1.117.0. Impact (as stated): A remote authenticated user with S3 write access to the job outp...

7.5CVSS6.4AI score0.0038EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Netatalk 路径遍历漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a path traversal vulnerability. This vulnerability stemmed from incomplete cleanup of...

7.6CVSS5.8AI score0.00322EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in net-snmp

The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

6.5CVSS6.8AI score0.52054EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 8:17 p.m.11 views

CVE-2026-8567

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00183EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 8:17 p.m.9 views

CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

4.3CVSS6AI score0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:52 p.m.9 views

CVE-2026-8552

Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

4.3CVSS6AI score0.00195EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-26530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 compiled with OpenSSL support is vulnerable to remote OOB write attack via connection request after...

9.1CVSS5.8AI score0.01462EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-26529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mgtlsinit function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection...

9.1CVSS7.3AI score0.01462EPSS
Exploits1References2
Rows per page
Query Builder