Lucene search
K

118 matches found

Cvelist
Cvelist
added 2026/02/24 1:27 a.m.22 views

CVE-2026-25966 ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

5.9CVSS0.00135EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/02/24 1:27 a.m.4 views

CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

7.8CVSS7.7AI score0.00135EPSS
Exploits0
Snyk
Snyk
added 2026/02/24 1:27 a.m.5 views

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.8CVSS6AI score0.00135EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:27 a.m.6 views

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.8CVSS6AI score0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.6 views

PT-2026-21626

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description ImageMagick is software used for editing and manipulating digital images. The software’s security policy, intended to prevent reading/writing from...

7.8CVSS7.6AI score0.00594EPSS
Exploits0References147
UbuntuCve
UbuntuCve
added 2026/02/24 12:0 a.m.5 views

CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

7.8CVSS5.9AI score0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/21 10:0 a.m.6 views

CVE-2026-27576

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...

4.8CVSS5.5AI score0.00165EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 10:6 p.m.14 views

OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags

Summary tools.exec.safeBins could be bypassed for filesystem access when sort output flags -o / --output or recursive grep flags were allowed through safe-bin execution paths. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.19 - Latest published version at triag...

7.1CVSS5.9AI score0.0014EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/01/12 6:1 p.m.5 views

EUVD-2026-2008

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

9.1CVSS6.8AI score0.03678EPSS
Exploits4References2
OSV
OSV
added 2026/01/12 5:39 p.m.3 views

GO-2026-4292 WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora

WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora...

9.9CVSS6.9AI score0.01747EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/10 3:41 a.m.2 views

CVE-2026-22688 WeKnora has Command Injection in MCP stdio test

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9CVSS7.2AI score0.01747EPSS
Exploits1References2
OSV
OSV
added 2026/01/10 3:41 a.m.5 views

CVE-2026-22688 WeKnora has Command Injection in MCP stdio test

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9CVSS7.5AI score0.01747EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-28661

Name of the Vulnerable Software and Affected Versions polkit affected versions not specified Description A flaw exists in polkit where a local user can trigger a denial of service. This occurs by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via...

5.5CVSS5.9AI score0.00131EPSS
Exploits0References32
Snyk
Snyk
added 2025/12/03 4:7 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the sse or streaming transport modes. An attacker can gain unauthorized access to internal resources by tricking a victim into visiting a malicious website or serving a malicious advertisement...

8.3CVSS6.9AI score0.00388EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-33572

Malicious code in bioql PyPI...

4.7CVSS6.8AI score0.00265EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-30286

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.0034EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.5 views

Amazon Linux 2 : pam (ALAS-2025-2959)

The version of pam installed on the remote host is prior to 1.1.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2959 advisory. A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to...

4.7CVSS6.7AI score0.00265EPSS
Exploits0References4
OSV
OSV
added 2025/06/06 2:4 p.m.3 views

OESA-2025-1600 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7CVSS6.8AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2025/06/06 2:4 p.m.3 views

OESA-2025-1598 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7CVSS6.8AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 p.m.9 views

CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

7.5CVSS7.1AI score0.0172EPSS
Exploits0
Rows per page
Query Builder