Lucene search
K

118 matches found

CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Jaaz 安全漏洞

Jaaz is an AI-driven multi-modal creative design platform developed by 11cafe. Version 1.0.30 of Jaaz contains a security vulnerability, which stems from improper handling of MCP STDIO command execution. This vulnerability could allow remote attackers to execute arbitrary commands...

7.3CVSS6.1AI score0.00344EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.4 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

8CVSS6.3AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:3 a.m.29 views

CVE-2026-39417

Affected software : MaxKB, specifically versions 2.7.1 and earlier. Vulnerability details : An incomplete fix for CVE-2025-53928 leaves a Remote Code Execution in the MCP node of the workflow engine. The fix only patched the path loading MCP config from the database; the else branch that loads mc...

5.5CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 11:51 p.m.13 views

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References2
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Medium: polkit

Issue Overview: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service...

5.5CVSS5.8AI score0.00131EPSS
Exploits0
OSV
OSV
added 2026/04/06 5:35 p.m.5 views

MGASA-2026-0085 Updated polkit-122 packages fix security vulnerability

Denial of service via unbounded input processing through standard input. CVE-2026-4897...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References3
Mageia
Mageia
added 2026/04/06 5:35 p.m.7 views

Updated polkit-122 packages fix security vulnerability

Denial of service via unbounded input processing through standard input. CVE-2026-4897...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/02 8:5 a.m.5 views

Polkit: polkit: denial of service via unbounded input processing through standard input

...

5.5CVSS5.9AI score0.00131EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/27 12:29 a.m.7 views

SUSE CVE-2026-4897

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References10
CVE
CVE
added 2026/03/26 2:56 p.m.48 views

CVE-2026-4897

CVE-2026-4897 describes a vulnerability in polkit where a local user can feed an excessively long input to the setuid binary polkit-agent-helper-1 via stdin. The unbounded input can trigger an out-of-memory condition, leading to a Denial of Service on the system. Affected component: polkit’s help...

5.5CVSS5.7AI score0.00131EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2026/03/26 2:56 p.m.3 views

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS5.8AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 12:30 a.m.13 views

EUVD-2026-14591

OpenClaw before 2026.2.19 contains a command injection vulnerability in tools.exec.safeBins that allows attackers to bypass stdin-only restrictions using sort output flags or recursive grep flags. Attackers can exploit this to perform arbitrary file writes via sort -o or recursive file reads via...

2CVSS6.1AI score
Exploits0References4
CVE
CVE
added 2026/03/23 9:36 p.m.9 views

CVE-2026-32909

OpenClaw before 2026.2.19 contains a command-injection vulnerability in tools.exec.safeBins that lets an attacker bypass stdin-only restrictions by using sort output flags or recursive grep flags. This can enable arbitrary file writes via sort -o and recursive file reads via grep -R, bypassing th...

6.1AI score
Exploits0
NVD
NVD
added 2026/03/19 2:16 a.m.7 views

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

7.1CVSS0.0014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/24 5:31 a.m.5 views

CVE-2026-25966

A flaw was found in ImageMagick. The "secure" security policy, intended to prevent reading and writing from standard streams, can be bypassed. An attacker can exploit this by using fd: pseudo-filenames, which are not properly blocked by the policy. This allows the attacker to circumvent the...

7.8CVSS5.4AI score0.00135EPSS
Exploits0References4
OSV
OSV
added 2026/02/24 2:16 a.m.2 views

DEBIAN-CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

7.8CVSS7.7AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/24 1:27 a.m.22 views

CVE-2026-25966 ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

5.9CVSS0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 1:27 a.m.4 views

CVE-2026-25966 ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

5.9CVSS5.9AI score0.00135EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/24 1:27 a.m.5 views

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.8CVSS6AI score0.00135EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:27 a.m.6 views

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.8CVSS6AI score0.00135EPSS
Exploits0References2
Rows per page
Query Builder