Lucene search
K

252779 matches found

RedHat Linux
RedHat Linux
added 2026/05/14 5:23 p.m.15 views

OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file

A flaw was found in OpenEXR, an image storage format for the motion picture industry. A remote attacker could exploit an integer overflow vulnerability in the internalexrundopiz function by providing a specially crafted EXR file. This flaw leads to out-of-bounds reads and writes, which may allow...

8.8CVSS6.3AI score0.00482EPSS
Exploits1References5
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-44827

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS0.00562EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 5:16 p.m.12 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
PyPA
PyPA
added 2026/05/14 5:16 p.m.17 views

PYSEC-2026-41

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/05/14 5:16 p.m.13 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 5:16 p.m.11 views

PYSEC-2026-40

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS6.5AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2026/05/14 5:16 p.m.36 views

CVE-2026-44513

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...

8.8CVSS0.00865EPSS
Exploits1References4
NVD
NVD
added 2026/05/14 5:16 p.m.13 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.11 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service JMS ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

9.8CVSS6.4AI score0.00881EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.18 views

Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection

A flaw was found in Apache Camel. A remote attacker with Java Message Service JMS producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...

9.9CVSS6.4AI score0.0086EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.12 views

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS7AI score0.0064EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.19 views

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

7.5CVSS6.4AI score0.00262EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Apache Camel: camel-coap: Apache Camel camel-coap: Remote code execution via CoAP URI query parameter injection

A flaw was found in Apache Camel's camel-coap component. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted CoAP Constrained Application Protocol UDP User Datagram Protocol packet. The camel-coap component improperly processes URI query parameters,...

10CVSS6.4AI score0.06157EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/14 4:45 p.m.9 views

EUVD-2026-30336

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:45 p.m.7 views

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References2Affected Software4
Vulnrichment
Vulnrichment
added 2026/05/14 4:45 p.m.5 views

CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS5.9AI score0.00576EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:45 p.m.59 views

CVE-2026-42555 Valtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin users

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

9.1CVSS0.00576EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 4:37 p.m.57 views

TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function

Summary A type-confusion bug in seroval ≤ 1.5.2 upstream advisory allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload. This is not an authentication bypa...

6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/14 4:33 p.m.9 views

EUVD-2026-30332

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...

8.8CVSS6.5AI score0.00562EPSS
Exploits1References1
Rows per page
Query Builder