Lucene search
+L

42 matches found

Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-60388

Name of the Vulnerable Software and Affected Versions view component versions 4.0.0 through 4.11.0 Description ViewComponent::Base instances retain render-scoped objects across calls to the render in function. If the same component, collection, or spacer component instance is reused across...

6.8CVSS5.3AI score0.00312EPSS
Exploits0References9
OSV
OSV
added 2026/07/09 12:55 p.m.3 views

OESA-2026-2971 gzip security update

gzip is a single-file/stream lossless data compression utility, where the resulting compressed file generally has the suffix .gz. Security Fixes: GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the...

7.5CVSS6.2AI score0.00294EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/04 3:15 p.m.7 views

Protection Mechanism Failure

Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Protection Mechanism Failure due to shared mutable state in the shortencode function. An attacker can execute arbitrary code by providing a malicious pickle payload...

9.8CVSS6.3AI score0.00321EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/04 1:31 p.m.10 views

EUVD-2026-41676

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References4
OSV
OSV
added 2026/07/04 1:31 p.m.4 views

CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.15 views

PT-2026-55705

Name of the Vulnerable Software and Affected Versions Trail of Bits fickling versions prior to 0.1.12 Description An issue exists where the UnsafeImportsML analysis pass unconditionally calls the AnalysisContext.shorten codenode function on every import node. This action populates a shared...

8.8CVSS6.2AI score0.00321EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:55 p.m.7 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/30 7:55 p.m.9 views

EUVD-2026-40403

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53957

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...

9.6CVSS6AI score0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 10:15 a.m.8 views

CVE-2026-41992 Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS6AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:15 a.m.31 views

CVE-2026-41992

GNU gzip is affected by a global buffer overflow in the LZH decompression logic caused by reusing a shared global state across LZ77/LZW/LZH within a single run. The vulnerability arises from a global array not reinitialized between files, enabling an attacker to deplete or poison the shared state...

7.5CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 10:15 a.m.5 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS6AI score0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 10:15 a.m.13 views

EUVD-2026-40069

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS6AI score0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.56 views

CVE-2026-41992 Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS0.00294EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.10 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS6AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53256

Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a glob...

7.5CVSS6AI score0.00294EPSS
Exploits0References14
NVD
NVD
added 2026/06/26 9:16 a.m.11 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS0.00309EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/26 8:7 a.m.9 views

CVE-2026-11625

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.8AI score0.00309EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/26 8:7 a.m.7 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

5.8AI score0.00309EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 8:7 a.m.10 views

EUVD-2026-39640

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.7AI score0.00447EPSS
Exploits0References4
Rows per page
Query Builder