Lucene search
K

33 matches found

RedHat Linux
RedHat Linux
added 2 days ago3 views

cxf: org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Arbitrary code execution via untrusted JMS configuration

A flaw was found in Apache CXF. This vulnerability, stemming from an incomplete fix for a previous issue, allows untrusted users who can configure Java Message Service JMS for Apache CXF to achieve arbitrary code execution. This could lead to a complete compromise of the affected system...

8.8CVSS6.2AI score0.00646EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00944EPSS
Exploits6References33
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

9.8CVSS6.2AI score0.00609EPSS
Exploits1References6
CVE
CVE
added 2026/06/19 11:49 a.m.31 views

CVE-2026-53915

CVE-2026-53915 : In JetBrains GoLand prior to 2026.1.3, remote code execution is possible through untrusted project configuration. According to CVSS 3.1 data, the vulnerability has a base score of 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and both c...

8.8CVSS6.5AI score0.00253EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 9:0 a.m.9 views

EUVD-2026-36400

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

8.1CVSS5.7AI score0.00646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48851

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

5.7AI score0.00646EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.18 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00519EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/03 1:26 p.m.11 views

EUVD-2022-55998

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:33 p.m.13 views

EUVD-2026-34084

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00519EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Apache CXF: Untrusted JMS configuration can lead to RCE

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:17 p.m.6 views

CVE-2026-44417

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 12:17 p.m.16 views

EUVD-2026-31432

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00793EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 11:22 a.m.56 views

CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

0.00487EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 11:22 a.m.10 views

EUVD-2026-30267

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40906

Name of the Vulnerable Software and Affected Versions Apache Commons versions 2.2 through 2.14.x Description An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.12 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.139 and praisonaiagents prior to 1.5.140 contained a code injection vulnerability. This vulnerability stemmed from the workflow engine processing untrusted YAML files, which...

9.8CVSS6AI score0.00609EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/19 8:44 p.m.5 views

Cross-site Scripting (XSS)

Overview pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplying a malicious...

6.1CVSS5.8AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/30 11:45 p.m.7 views

EUVD-2025-205849

theshit vulnerable to unsafe loading of user-owned Python rules when running as root...

6.7CVSS6.5AI score0.0012EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/04 11:9 p.m.5 views

CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

8.8CVSS7.8AI score0.00471EPSS
Exploits0References1
Rows per page
Query Builder