Lucene search
K

2566 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.8 views

CVE-2025-71362

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/04 1:23 a.m.8 views

EUVD-2025-210418

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.30 views

CVE-2025-71362 picklescan - Arbitrary Code Execution via Unsafe Deserialization in numpy.f2py.crackfortran

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources...

8.1CVSS0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 9:48 a.m.9 views

CVE-2026-57451

A flaw in Vim allows an attacker to cause a Denial of Service DoS via an application crash. If a user opens a maliciously crafted undo file, an out-of-bounds read is triggered in the gettextprops function due to missing length validation on property counts. Mitigation Users are advised to avoid...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/01 4:43 a.m.11 views

CVE-2026-44018

A flaw was found in Docling, a tool for document processing. The METS-GBS backend, responsible for parsing XML and detecting document formats, lacked sufficient security controls. This allowed an attacker to create specially crafted METS-GBS archives. When these archives were processed, they coul...

7.1CVSS5.8AI score0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.7 views

CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40290

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53915

Name of the Vulnerable Software and Affected Versions OpenAPI.NET versions 2.0.0-preview11 through 2.7.4 OpenAPI.NET versions 3.0.0 through 3.5.3 Description An issue in the parsing of OpenAPI documents can lead to process termination due to a stack overflow when a document contains a circular...

7.5CVSS5.9AI score0.00695EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/06/26 4:32 p.m.9 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 4:32 p.m.3 views

GHSA-44HJ-4M45-FRJ3 Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References3
RubySec
RubySec
added 2026/06/26 12:0 a.m.6 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-53002

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References17
OSV
OSV
added 2026/06/24 5:22 p.m.2 views

CVE-2026-48725 Warp may allow terminal output to access the local clipboard through OSC 52

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS6AI score0.00213EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 9:24 p.m.10 views

GO-2026-5052 Vulnerability in software.sslmate.com/src/go-pkcs12

Users who decode PKCS12 files from untrusted sources and rely on the password for authentication can be tricked into accepting malicious PKCS12 files...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/19 7:26 a.m.12 views

CVE-2026-11463

A security flaw has been identified in the USCiLab Cereal library that could affect the security and stability of applications utilizing it. Mitigation Since the vulnerability is triggered by processing malicious payloads, immediately restrict network access or input mechanisms that allow...

7.5CVSS7AI score0.00313EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-51062

Name of the Vulnerable Software and Affected Versions Stanza version 1.12.0 Description An issue exists where the software attempts to load PyTorch checkpoint files using a safe method but automatically falls back to an unsafe deserialization process when a pickle.UnpicklingError occurs. Because...

7.5CVSS6.2AI score0.00302EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.9 views

Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

9.8CVSS6AI score0.00519EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/17 6:35 p.m.4 views

GHSA-J6C9-QVP8-699F Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/16 8:59 p.m.9 views

Improper Restriction of Names for Files and Other Resources

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...

9.6CVSS6.4AI score0.00555EPSS
Exploits1References2
NVD
NVD
added 2026/06/16 8:16 p.m.11 views

CVE-2026-47750

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

7.8CVSS0.0018EPSS
Exploits1References3
Rows per page
Query Builder