Lucene search
+L

266 matches found

RedhatCVE
RedhatCVE
added 2026/07/08 11:1 a.m.5 views

CVE-2026-59710

A flaw was found in Showdown. This vulnerability, a stored cross-site scripting XSS issue, allows an attacker to inject malicious code into web pages. By exploiting unescaped table header ID attributes in markdown, an attacker can embed arbitrary HTML and script-executing elements. When untrusted...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 8:16 p.m.7 views

CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.5CVSS0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 7:41 p.m.5 views

EUVD-2026-41915

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.1AI score0.00221EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/06 7:31 p.m.7 views

CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS5.5AI score0.00187EPSS
Exploits0
OSV
OSV
added 2026/07/06 2:4 a.m.2 views

SUSE-SU-2026:2759-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...

9.8CVSS7.2AI score0.11471EPSS
Exploits8References27
SUSE Linux
SUSE Linux
added 2026/07/02 10:36 p.m.6 views

Security update for apache2

This update for apache2 fixes the following issues CVE-2026-29167: modldap per-dir use-after-free bsc1267976. CVE-2026-29170: modproxyftp XSS bsc1267977. CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow...

9.2CVSS6.2AI score0.11471EPSS
Exploits8References52
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.10 views

httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc

A flaw was found in Apache HTTP Server, specifically within the modxml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...

7.5CVSS6.4AI score0.00827EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-506 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.5AI score0.01188EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.27 views

Anthropic Claude Code 0.2.54 < 2.1.163 Data Exfiltration (CVE-2026-54316)

The version of Anthropic Claude Code installed on the remote host is 0.2.54 prior to 2.1.163. It is, therefore, affected by a data exfiltration vulnerability. - Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain including...

9.1CVSS6.1AI score0.00403EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:6 p.m.4 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS6AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 5:45 p.m.11 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the default code block rendering. An attacker can execute arbitrary JavaScript in the context of users viewing generated pages by supplying a crafted code-fence language info-string containing malicious...

5.4CVSS5.9AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 2:43 p.m.7 views

CVE-2026-42536

A flaw was found in Apache HTTP Server, specifically within the modxml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...

7.5CVSS6AI score0.00827EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 2:28 p.m.9 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.01188EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/17 6:6 p.m.7 views

Covert Storage Channel

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Covert Storage Channel via the...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50594

Name of the Vulnerable Software and Affected Versions Claude Code versions 0.2.54 through 2.1.162 Description The WebFetch tool pre-approved the hostname 'huggingface.co' as a bare hostname, allowing any path on that domain to be auto-approved without a permission prompt or restrictions from...

6CVSS5.9AI score0.00403EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/11 5:46 p.m.21 views

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and...

5.7AI score
Exploits0
OSV
OSV
added 2026/06/10 8:39 a.m.11 views

BIT-APACHE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.00827EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/10 2:28 a.m.10 views

SUSE CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.3CVSS5.4AI score0.00827EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 4:16 p.m.17 views

CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS0.00827EPSS
Exploits0References7
Rows per page
Query Builder