Lucene search
K

252592 matches found

Debian
Debian
added 2026/05/14 5:56 p.m.14 views

[SECURITY] [ERRATUM] [SECURITY] [DLA 4571-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4571-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 08, 2026 https://wiki.debian.org/LTS -...

9.8CVSS6.2AI score0.01325EPSS
Exploits2
Cvelist
Cvelist
added 2026/05/14 5:48 p.m.45 views

CVE-2025-15024 RCE in Yordam Informatics' Library Automation System

Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....

8.8CVSS0.00246EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 5:23 p.m.15 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
PyPA
PyPA
added 2026/05/14 5:16 p.m.13 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.00562EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 5:16 p.m.12 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
PyPA
PyPA
added 2026/05/14 5:16 p.m.13 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 5:16 p.m.11 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 5:16 p.m.36 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00865EPSS
Exploits1References4
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.12 views

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS7AI score0.0064EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.19 views

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

7.5CVSS6.4AI score0.00262EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.17 views

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

9.9CVSS6.4AI score0.0086EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.11 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Apache Camel: camel-coap: Apache Camel camel-coap: Remote code execution via CoAP URI query parameter injection

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

10CVSS6.4AI score0.06157EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/14 4:45 p.m.9 views

EUVD-2026-30336

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:45 p.m.7 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2026/05/14 4:45 p.m.59 views

CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 4:45 p.m.5 views

CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References1
Rows per page
Query Builder