Lucene search
K

6406 matches found

Vulnrichment
Vulnrichment
added 2026/04/23 12:42 a.m.3 views

CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

6.9CVSS6.3AI score0.00185EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/23 12:42 a.m.6 views

EUVD-2026-25160

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

6.9CVSS6.3AI score0.00185EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.11 views

PT-2026-34681

Summary Requesting a static JS/CSS resource from the astro path with an incorrect or malformed if-match header returns a 500 error with a one-year cache lifetime instead of 412 in some cases. As a result, all subsequent requests to that file — regardless of the if-match header — will be served a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks

Model Context Protocol MCP is increasingly adopted for tool-integrated LLM agents, but its multi-layer design and third-party server ecosystem expand risks across tool metadata, untrusted outputs, cross-tool flows, multimodal inputs, and supply-chain vectors. Existing MCP benchmarks largely measu...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.5 views

CrossCommitVuln-Bench: A Dataset of Multi-Commit Python Vulnerabilities Invisible to Per-Commit Static Analysis

We present CrossCommitVuln-Bench, a curated benchmark of 15 real-world Python vulnerabilities CVEs in which the exploitable condition was introduced across multiple commits - each individually benign to per-commit static analysis - but collectively critical. We manually annotate each CVE with its...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.5 views

PT-2026-34599

PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...

6.9CVSS6.3AI score0.00185EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.9 views

PT-2026-34641

Name of the Vulnerable Software and Affected Versions Libgcrypt versions prior to 1.12.2 Description Libgcrypt mishandles Dilithium signing. Specifically, writes to a static array lack a bounds check, although these writes do not use attacker-controlled data. Recommendations Update to version...

4CVSS5.8AI score0.00176EPSS
Exploits0References23
Snyk
Snyk
added 2026/04/22 8:51 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the serveExport process. An attacker can access and exfiltrate sensitive files, including databases and logs, by sending specially crafted requests with double URL encoding to bypass path validation. Details A...

7.1CVSS6.3AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 5:6 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...

8.8CVSS6.3AI score0.00439EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.4 views

angr 9.2.212

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/21 3:32 p.m.6 views

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 3:16 p.m.10 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 3:1 p.m.4 views

CVE-2026-40498 FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APPKEY, which is exposed i...

9.3CVSS5.8AI score0.00571EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/21 2:10 p.m.32 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:10 p.m.4 views

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 2:10 p.m.5 views

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 2:10 p.m.17 views

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

5.8CVSS5.8AI score0.00127EPSS
Exploits0References1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 1:57 p.m.7 views

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

6.9CVSS5.7AI score0.00343EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/04/21 9:24 a.m.9 views

SUSE-SU-2026:1520-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References18
SUSE Linux
SUSE Linux
added 2026/04/21 9:20 a.m.7 views

Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.1.13-0 Update translation strings uyuni-tools: Version 5.1.26-0 Fix applying PTF with images from RPMs bsc1252548 Ssl Key file can miss if CA password is blank bsc1254154 mgrpxy ssh tuning should happens before crypto policies bsc1254619...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References36
Rows per page
Query Builder