Lucene search

58 matches found

OSV | added 2026/06/24 5:38 p.m. | 3 views

GHSA-7FQ5-7WR8-RJWJ OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

Summary: OliveTin's template engine uses a single shared text/template.Template instance (the package-level variable tpl in service/internal/tpl/templates.go) across all goroutines. Every action execution calls tpl.Parse(source) followed by t.Execute on this shared instance with no synchronization. When t...

CVSS 7.5 | AI score 6.1 | EPSS 0.00401
Exploits 0 | References 5
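The failure mode the GHSA-7FQ5-7WR8-RJWJ summary describes, as an added Go example that is not OliveTin's code: a package-level text/template.Template that every request re-parses and then executes. Because Parse redefines the template body in place, an interleaving of "A parses, B parses, A executes" makes request A render request B's template, which the example pins down deterministically; alongside it is the fix of parsing into a fresh Template per execution. The names sharedTpl, renderShared, interleavedShared and renderIsolated are this example's own.

```go
package main

import (
	"bytes"
	"fmt"
	"sync"
	"text/template"
)

// Vulnerable pattern (modelled on the advisory; not OliveTin's code): one
// package-level template that every request re-parses and then executes.
var sharedTpl = template.New("action")

// renderShared is the per-request path over the shared instance. It is only
// correct if nothing else touches sharedTpl between Parse and Execute.
func renderShared(source string, data any) (string, error) {
	if _, err := sharedTpl.Parse(source); err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := sharedTpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// interleavedShared reproduces the race deterministically: request A parses,
// request B parses (Parse replaces the template body in place), then A
// executes and renders B's template with A's data.
func interleavedShared(srcA, srcB string, dataA any) (string, error) {
	if _, err := sharedTpl.Parse(srcA); err != nil {
		return "", err
	}
	if _, err := sharedTpl.Parse(srcB); err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := sharedTpl.Execute(&buf, dataA); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderIsolated is the fix: a fresh Template per execution, so concurrent
// requests share no mutable parse state. (template.Clone of a shared base
// works equally when common helper templates are needed.)
func renderIsolated(source string, data any) (string, error) {
	t, err := template.New("action").Parse(source)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderConcurrently renders n distinct sources in parallel through render and
// returns every output keyed by request index, plus the first error seen.
func renderConcurrently(render func(string, any) (string, error), n int) (map[int]string, error) {
	var (
		wg       sync.WaitGroup
		mu       sync.Mutex
		out      = make(map[int]string, n)
		firstErr error
	)
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			s, err := render(fmt.Sprintf("cmd-%d {{.Arg}}", i), map[string]string{"Arg": "x"})
			mu.Lock()
			defer mu.Unlock()
			if err != nil && firstErr == nil {
				firstErr = err
			}
			out[i] = s
		}(i)
	}
	wg.Wait()
	return out, firstErr
}

func main() {
	data := map[string]string{"Arg": "x"}
	seq, _ := renderShared("S:{{.Arg}}", data)
	fmt.Println("shared, sequential:", seq) // S:x
	got, _ := interleavedShared("A:{{.Arg}}", "B:{{.Arg}}", data)
	fmt.Println("shared, interleaved:", got) // B:x  (request A ran request B's template)
	out, err := renderConcurrently(renderIsolated, 100)
	fmt.Println("isolated, 100 parallel renders ok:", err == nil && out[42] == "cmd-42 x")
}
```

Running the shared variant under `go test -race` with the goroutines of renderConcurrently is the quickest way to confirm the data race itself; the interleaved function shows the resulting contamination without needing a lucky schedule.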
CVE | added 2026/06/02 3:23 p.m. | 29 views

CVE-2026-45676

CVE-2026-45676 affects OpenTelemetry eBPF Instrumentation (OBI). Before version 0.9.0, OBI’s replacement ELF parser trusts section offsets, counts, and string offsets from the executable, allowing a crafted local ELF to trigger invalid dereferences or out-of-bounds slicing in the parser. The vuln...

CVSS 5.5 | AI score 5.8 | EPSS 0.00162
Exploits 1 | References 2 | Affected software 1
CVE | added 2026/05/26 12:00 a.m. | 19 views

CVE-2026-48690

CVE-2026-48690 affects FastNetMon Community Edition up to v1.2.9. The issue is an integer overflow in the packet capture buffer allocation: allocate_buffer() computes memory_size_in_bytes as buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon...

CVSS 7.1 | AI score 6 | EPSS 0.00116
Exploits 0 | References 3 | Affected software 1
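The allocation-size arithmetic named in the CVE-2026-48690 entry, as an added Go example that is not FastNetMon's code: the wrapping computation packets * (maxPacket + pktHdr) + fileHdr next to a version that checks every step for overflow with math/bits and enforces an upper bound. The header sizes (16 and 24 bytes) and the 1 GiB cap are assumptions of this example, not values from the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// Illustrative sizes (assumed for this example; the advisory names only
// sizeof(fastnetmon_pcap_pkthdr_t) and a trailing file-header term).
const (
	pcapPktHdrSize  = 16
	pcapFileHdrSize = 24
	maxBufferBytes  = 1 << 30 // policy cap: never hand the allocator more than 1 GiB
)

// uncheckedBufferSize mirrors the arithmetic pattern from the advisory with
// wrapping unsigned integers: a huge packet count can wrap to a tiny size.
func uncheckedBufferSize(packets, maxPacket uint64) uint64 {
	return packets*(maxPacket+pcapPktHdrSize) + pcapFileHdrSize
}

// checkedBufferSize performs the same computation with explicit overflow
// detection on each step plus an upper bound, returning an error instead of
// a wrapped (too small) size that a later write loop would overrun.
func checkedBufferSize(packets, maxPacket uint64) (uint64, error) {
	perPacket, carry := bits.Add64(maxPacket, pcapPktHdrSize, 0)
	if carry != 0 {
		return 0, errors.New("per-packet size overflows uint64")
	}
	hi, lo := bits.Mul64(packets, perPacket)
	if hi != 0 {
		return 0, fmt.Errorf("%d packets * %d bytes overflows uint64", packets, perPacket)
	}
	total, carry := bits.Add64(lo, pcapFileHdrSize, 0)
	if carry != 0 {
		return 0, errors.New("total buffer size overflows uint64")
	}
	if total > maxBufferBytes {
		return 0, fmt.Errorf("buffer size %d exceeds cap %d", total, maxBufferBytes)
	}
	return total, nil
}

func main() {
	fmt.Println(checkedBufferSize(1000, 1500)) // 1516024 <nil>
	big := uint64(1) << 60
	fmt.Println("unchecked:", uncheckedBufferSize(big, 1024)) // wraps to 24
	fmt.Println(checkedBufferSize(big, 1024))                 // overflow error
}
```

The cap matters independently of the overflow check: a size that fits in 64 bits can still be absurd for a capture buffer, and rejecting it at the configuration boundary is cheaper than discovering it at allocation time.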
OSV | added 2026/05/18 5:56 p.m. | 10 views

GHSA-WP73-MWGF-4JQ9 OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary: OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

CVSS 5.5 | AI score 5.9 | EPSS 0.00162
Exploits 1 | References 4
Github Security Blog | added 2026/05/18 5:56 p.m. | 23 views

OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent

Summary: OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. Details...

CVSS 5.5 | AI score 5.9 | EPSS 0.00162
Exploits 1 | References 4 | Affected software 1
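The checks the CVE-2026-45676 and GHSA-WP73-MWGF-4JQ9 entries say were missing, as an added Go example that is not OBI's fastelf parser: a hand-rolled ELF64 section-name reader that validates e_shoff, e_shnum, e_shentsize, e_shstrndx, the string table's offset and size, and every sh_name against the file length before slicing, so a crafted file produces an error instead of a panic. The sample image is constructed in memory by buildSampleELF and then corrupted field by field; sectionNames, buildSampleELF and corrupt are this example's own names, and the example handles little-endian ELF64 only.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ehdrSize = 64 // ELF64 header size
	shdrSize = 64 // ELF64 section header size
)

// sectionNames reads the section-name table of a little-endian ELF64 image.
// Every offset, count and string index the file supplies is checked against
// len(data) before it is used to slice, so malformed input returns an error.
func sectionNames(data []byte) ([]string, error) {
	if len(data) < ehdrSize || !bytes.Equal(data[:4], []byte{0x7f, 'E', 'L', 'F'}) {
		return nil, errors.New("not an ELF file or truncated header")
	}
	if data[4] != 2 || data[5] != 1 {
		return nil, errors.New("example handles ELF64 little-endian only")
	}
	le := binary.LittleEndian
	n := uint64(len(data))
	shoff := le.Uint64(data[40:48])
	shentsize := uint64(le.Uint16(data[58:60]))
	shnum := uint64(le.Uint16(data[60:62]))
	shstrndx := uint64(le.Uint16(data[62:64]))
	if shnum == 0 {
		return nil, nil
	}
	if shentsize != shdrSize {
		return nil, fmt.Errorf("unexpected e_shentsize %d", shentsize)
	}
	// e_shoff/e_shnum: the whole table must lie inside the file. Comparing
	// against n-shoff (after shoff <= n) keeps the arithmetic overflow-free.
	if shoff > n || shnum*shdrSize > n-shoff {
		return nil, fmt.Errorf("section header table at %#x (%d entries) exceeds file size %d", shoff, shnum, n)
	}
	if shstrndx >= shnum { // e_shstrndx must name an existing section
		return nil, fmt.Errorf("e_shstrndx %d out of range (e_shnum %d)", shstrndx, shnum)
	}
	shdr := func(i uint64) []byte { return data[shoff+i*shdrSize : shoff+(i+1)*shdrSize] } // i < shnum checked above
	// The string table's own offset/size must lie inside the file.
	strhdr := shdr(shstrndx)
	stroff, strsize := le.Uint64(strhdr[24:32]), le.Uint64(strhdr[32:40])
	if stroff > n || strsize > n-stroff {
		return nil, fmt.Errorf(".shstrtab at %#x (+%d) exceeds file size %d", stroff, strsize, n)
	}
	strtab := data[stroff : stroff+strsize]
	names := make([]string, 0, shnum)
	for i := uint64(0); i < shnum; i++ {
		nameOff := uint64(le.Uint32(shdr(i)[0:4]))
		if nameOff >= strsize { // sh_name must fall inside the table
			return nil, fmt.Errorf("section %d: sh_name %d outside .shstrtab (%d bytes)", i, nameOff, strsize)
		}
		end := bytes.IndexByte(strtab[nameOff:], 0) // and be NUL-terminated within it
		if end < 0 {
			return nil, fmt.Errorf("section %d: unterminated name", i)
		}
		names = append(names, string(strtab[nameOff:nameOff+uint64(end)]))
	}
	return names, nil
}

// buildSampleELF assembles a minimal well-formed ELF64 image (constructed test
// data, not a real binary): header, .shstrtab at offset 64, and three section
// headers (null, .text, .shstrtab) at offset 96.
func buildSampleELF() []byte {
	le := binary.LittleEndian
	strtab := []byte("\x00.text\x00.shstrtab\x00")
	const strOff, shOff = ehdrSize, ehdrSize + 32
	img := make([]byte, shOff+3*shdrSize)
	copy(img, []byte{0x7f, 'E', 'L', 'F', 2, 1, 1}) // ELF64, little-endian, version 1
	le.PutUint64(img[40:48], shOff)
	le.PutUint16(img[52:54], ehdrSize)
	le.PutUint16(img[58:60], shdrSize)
	le.PutUint16(img[60:62], 3)
	le.PutUint16(img[62:64], 2)
	copy(img[strOff:], strtab)
	put := func(i int, name uint32, off, size uint64) {
		h := img[shOff+i*shdrSize:]
		le.PutUint32(h[0:4], name)
		le.PutUint64(h[24:32], off)
		le.PutUint64(h[32:40], size)
	}
	put(1, 1, 0, 0)                        // ".text" (section body irrelevant here)
	put(2, 7, strOff, uint64(len(strtab))) // ".shstrtab"
	return img
}

// corrupt returns a copy of img with one little-endian field of the given
// byte width overwritten, mimicking a crafted file.
func corrupt(img []byte, off, width int, v uint64) []byte {
	c := append([]byte(nil), img...)
	switch width {
	case 2:
		binary.LittleEndian.PutUint16(c[off:], uint16(v))
	case 4:
		binary.LittleEndian.PutUint32(c[off:], uint32(v))
	default:
		binary.LittleEndian.PutUint64(c[off:], v)
	}
	return c
}

func main() {
	img := buildSampleELF()
	fmt.Println(sectionNames(img))                        // [ .text .shstrtab] <nil>
	fmt.Println(sectionNames(corrupt(img, 40, 8, 1<<62))) // e_shoff far past EOF: error, no panic
}
```

For production code the standard library's debug/elf already performs these bounds checks; the value of the hand-rolled version is seeing which file-controlled fields must be validated, and in what order, before any of them is trusted as a slice index.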
NVD | added 2026/05/08 2:16 p.m. | 11 views

CVE-2026-41497

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

CVSS 9.8 | EPSS 0.00541
Exploits 2 | References 2
Cvelist | added 2026/04/13 6:10 p.m. | 16 views

CVE-2026-40042 Pachno 1.0.6 Wiki TextParser XML External Entity Injection

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVSS 9.8 | EPSS 0.00373
Exploits 1 | References 2
CNNVD | added 2026/04/10 12:00 a.m. | 8 views

Chamilo LMS Code Issue Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Code vulnerabilities existed in versions prior to Chamilo LMS 1.11.38 and 2.0.0-RC.3. These vulnerabilities...

CVSS 6.5 | AI score 6 | EPSS 0.0022
Exploits 0 | References 4
CVE | added 2026/04/08 8:45 p.m. | 17 views

CVE-2026-39890

PraisonAI's AgentService.loadAgentFromFile parses YAML with js-yaml without disabling dangerous tags (e.g., !!js/function, !!js/undefined), enabling an attacker to upload a malicious agent definition and achieve remote code execution on the server. Affected software: PraisonAI (before 4.5.115). Roo...

CVSS 9.8 | AI score 6.6 | EPSS 0.0058
Exploits 0 | References 1 | Affected software 1
OSV | added 2026/03/12 8:57 p.m. | 5 views

GO-2026-4670 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin

OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin...

CVSS 8.5 | AI score 5.8 | EPSS 0.00712
Exploits 1 | References 4
RedhatCVE | added 2026/03/06 7:45 p.m. | 7 views

CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

CVSS 9.8 | AI score 5.9 | EPSS 0.00616
Exploits 0 | References 1
EUVD | added 2026/03/05 9:30 p.m. | 10 views

EUVD-2026-9839

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

CVSS 9.1 | AI score 6 | EPSS 0.00616
Exploits 0 | References 2
NVD | added 2026/03/05 7:16 p.m. | 11 views

CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

CVSS 9.8 | EPSS 0.00616
Exploits 0 | References 1
Vulnrichment | added 2026/03/05 4:27 p.m. | 7 views

CVE-2026-24457

Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios RCE could be achieved...

CVSS 9.1 | AI score 5.9 | EPSS 0.00616
Exploits 0 | References 1
CVE | added 2026/03/05 4:27 p.m. | 15 views

CVE-2026-24457

CVE-2026-24457: OpenMQ unsafe parsing of configuration allows a remote attacker to read arbitrary files on the MQ Broker server, potentially reading host OS files. In some scenarios, RCE could be achieved. Metrics indicate CVSS v3.1 base score 9.1 (CRITICAL) with NETWORK attack vector, LOW attack...

CVSS 9.8 | AI score 6 | EPSS 0.00616
Exploits 0 | References 1 | Affected software 1
Positive Technologies | added 2026/03/05 12:00 a.m. | 10 views

PT-2026-23475

Name of the Vulnerable Software and Affected Versions: OpenMQ (affected versions not specified). Description: Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. Full exploitation could lead to reading unauthorized files from the Open...

CVSS 9.1 | AI score 6.4 | EPSS 0.00616
Exploits 0 | References 5
RedhatCVE | added 2026/02/07 7:31 p.m. | 9 views

CVE-2026-23739

A flaw was found in Asterisk. The ast_xml_open function in xml.c processes XML documents using libxml with unsafe parsing options, enabling entity expansion and XInclude processing. A remote attacker can exploit this by providing specially crafted XML input, leading to XML External Entity (XXE) or...

CVSS 6.5 | AI score 5.6 | EPSS 0.00176
Exploits 0 | References 4
NVD | added 2026/02/06 5:16 p.m. | 7 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 6.5 | EPSS 0.00176
Exploits 0 | References 1
ATTACKERKB | added 2026/02/06 4:42 p.m. | 6 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

CVSS 2 | AI score 5.4 | EPSS 0.00176
Exploits 0 | References 2 | Affected software 1
CVE | added 2026/02/06 4:42 p.m. | 28 views

CVE-2026-23739

CVE-2026-23739 concerns Asterisk’s ast_xml_open() in xml.c, which parses XML using libxml with unsafe options (XML_PARSE_NOENT) and later processes XIncludes, enabling external entity processing. If untrusted XML is provided, this can trigger XML External Entity (XXE) or XInclude-based local file...

CVSS 6.5 | AI score 5.4 | EPSS 0.00176
Exploits 0 | References 1 | Affected software 2