21 matches found

Source: CVE | added 2026/05/12 8:41 p.m. | 18 views

CVE-2026-44246

The CVE concerns nnU-Net (MIC-DKFZ/nnUNet) before version 2.4.1. The issue lies in the nnU-Net Issue Triage workflow at .github/workflows/issue-triage.yml, which sets allowed_non_write_users: ${{ github.event.issue.user.login }}. This allows any logged-in GitHub user opening an issue to reach an ...

CVSS 7.2 | AI score 5.8 | EPSS 0.00058
Exploits 1 | References 1 | Affected Software 1
Source: Cvelist | added 2026/05/06 7:49 p.m. | 26 views

CVE-2026-43578 OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

CVSS 9.1 | EPSS 0.0008
Exploits 0 | References 3
Source: Vulnrichment | added 2026/05/06 7:49 p.m. | 5 views

CVE-2026-43578 OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

CVSS 9.1 | AI score 5.8 | EPSS 0.0008
Exploits 0 | References 3
Source: Positive Technologies | added 2026/05/06 12:00 a.m. | 9 views

PT-2026-37634

HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields which, when saved to a CSV file, may attempt information exfiltration or other malicious activity when...

CVSS 4.6 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 2
Source: Cvelist | added 2026/04/23 12:33 p.m. | 31 views

CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

CVSS 4.7 | EPSS 0.00033
Exploits 0 | References 3
Source: OSV | added 2026/04/17 9:48 p.m. | 3 views

GHSA-G375-H3V6-4873 OpenClaw: Heartbeat owner downgrade missed local async exec completion events

Summary: Heartbeat owner downgrade missed local async exec completion events. Affected Packages / Versions: Package: openclaw; Ecosystem: npm; Affected versions: >= 2026.3.31, < 2026.4.10. Impact: Local background exec completion text could be missed by heartbeat owner-downgrade detection, leaving ...

CVSS 6 | AI score 5.7
Exploits 0 | References 4
Source: Snyk | added 2026/04/07 3:52 p.m. | 3 views

Exposure of Resource to Wrong Sphere

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or...

CVSS 8.8 | AI score 5.9 | EPSS 0.00025
Exploits 0 | References 2
Source: Snyk | added 2026/04/07 3:52 p.m. | 2 views

Exposure of Resource to Wrong Sphere

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or manipulate the browsin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00025
Exploits 0 | References 2
Source: EUVD | added 2026/03/10 6:31 p.m. | 2 views

EUVD-2026-10457

SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged user uploads untrusted or malicious content that, upon deserialization, could result in a high impact on the confidentiality, integrity, and availability of the host system...

CVSS 9.1 | AI score 5.8 | EPSS 0.00066
Exploits 0 | References 3
Source: CNNVD | added 2026/03/10 12:00 a.m. | 3 views

SAP NetWeaver Enterprise Portal Administration code issue vulnerability

SAP NetWeaver Enterprise Portal Administration is an access control software developed by the German company SAP. There is a code vulnerability in SAP NetWeaver Enterprise Portal Administration. This vulnerability arises from privileged users uploading untrusted or malicious content, which may...

CVSS 9.1 | AI score 6.9 | EPSS 0.00066
Exploits 0 | References 3
Source: Positive Technologies | added 2026/02/06 12:00 a.m. | 3 views

PT-2026-6763

Name of the Vulnerable Software and Affected Versions: Claude Code versions prior to 2.0.57. Description: Claude Code, an agentic coding tool, did not properly validate directory changes when combined with write operations to protected folders. Utilizing the cd command to navigate into sensitive...

CVSS 9.1 | AI score 5.5 | EPSS 0.00243
Exploits 0 | References 6
Source: ATTACKERKB | added 2026/01/27 4:01 p.m. | 19 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8 | AI score 8.5 | EPSS 0.02889
Exploits 7 | References 7 | Affected Software 1
Source: NVD | added 2026/01/10 3:15 a.m. | 3 views

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution...

CVSS 7.6 | EPSS 0.0001
Exploits 0 | References 1
Source: Snyk | added 2026/01/08 8:42 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: @remix-run/react provides React DOM bindings for Remix. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary...

CVSS 7.6 | AI score 5.4 | EPSS 0.0001
Exploits 0 | References 2
Source: NVD | added 2025/12/03 7:15 p.m. | 1 view

CVE-2025-66032

Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted...

CVSS 9.8 | EPSS 0.00039
Exploits 0 | References 1
Source: Snyk | added 2025/09/23 12:00 a.m. | 1 view

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds due to improper memory handling. An attacker can cause a process crash or potentially execute arbitrary code by tricking a user into processing or loading malicious web content. Note: This is only exploitable if packages...

CVSS 8.8 | AI score 7.5 | EPSS 0.00139
Exploits 0 | References 2
Source: RedHat Linux | added 2025/07/07 2:28 a.m. | 0 views

webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution

A vulnerability was found in WebKitGTK. A use-after-free may lead to Remote Code Execution. Users are advised to avoid processing untrusted web content in WebKitGTK...

CVSS 6.5 | AI score 5.8 | EPSS 0.00513
Exploits 0 | References 5
Source: RedHat Linux | added 2024/05/09 6:26 a.m. | 3 views

nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

CVSS 6.5 | AI score 7.3 | EPSS 0.00636
Exploits 0 | References 4
Source: RedHat Linux | added 2024/03/06 3:38 p.m. | 4 views

parsson: Denial of Service due to large number parsing

A flaw was found in the Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...

CVSS 7.5 | AI score 7.1 | EPSS 0.0015
Exploits 1 | References 4
Source: RedHat Linux | added 2024/03/06 3:32 p.m. | 2 views

parsson: Denial of Service due to large number parsing

A flaw was found in the Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected...

CVSS 7.5 | AI score 7.1 | EPSS 0.0015
Exploits 1 | References 4