Lucene search
K

21 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.19 views

CVE-2026-50076

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

9.1CVSS5.5AI score0.0052EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-7400

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS6.7AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.9 views

PT-2026-35977

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is path allowed of the file server.py of the component read file tool/write file tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit...

7.5CVSS6.9AI score0.0043EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35682

A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file path results in path traversal. The attack may b...

7.5CVSS5.1AI score0.00448EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 1:46 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.

Summary IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when...

3.4CVSS6.1AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:16 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)

Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...

7.5CVSS6.4AI score0.0106EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:14 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the markdown-it package (CVE-2025-7969)

Summary Markdown-it is used by Astronomer with IBM as part of markdown parsing functionality. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting...

6.9CVSS5.9AI score0.00229EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:8 p.m.9 views

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

8.7CVSS6.6AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:5 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to network segmentation abuse due to the moby package (CVE-2025-54410)

Summary Moby is used by Astronomer with IBM as part of container management. Vulnerability Details CVEID:CVE-2025-54410 DESCRIPTION: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream...

5.2CVSS6.5AI score0.00152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:4 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to session security compromise due to the CIRCL package (CVE-2025-8556)

Summary CIRCL is used by Astronomer with IBM as part of crytographic processing functionality. Vulnerability Details CVEID:CVE-2025-8556 DESCRIPTION: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via...

3.7CVSS6.7AI score0.00485EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:28 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled recursion due to the Apache Commons Lang package ( CVE-2025-48924)

Summary Apache Commons Lang is used by Astronomer with IBM as part of overall processing. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6...

5.3CVSS6.1AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:27 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)

Summary Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability Details CVEID:CVE-2025-4563 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...

2.7CVSS7.6AI score0.0065EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:24 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)

Summary Tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...

8.7CVSS5.7AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:27 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to HTTP parameter pollution due to the form-data package (CVE-2025-7783)

Summary Form-data is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-26205

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01349EPSS
Exploits0References6
Intel
Intel
added 2025/08/12 12:0 a.m.7 views

Intel® AI for Enterprise Retrieval-augmented Generation Software Advisory

Summary: A potential security vulnerability in some Intel® AI for Enterprise Retrieval-augmented Generation software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-24923 Description:...

6.7CVSS7.4AI score0.00126EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-7339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...

3.4CVSS6.1AI score0.00174EPSS
Exploits0References4
Snyk
Snyk
added 2025/01/01 6:38 a.m.3 views

Improper Authorization

Overview PyNinja is a Lightweight OS-agnostic service monitoring API Affected versions of this package are vulnerable to Improper Authorization due to the ability to access the '/monitor' page, which exposes sensitive information. Remediation Upgrade PyNinja to version 1.1.0 or higher. References...

5.4CVSS6.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.9 views

PT-2024-32459 · Unknown · Basic-Auth-Connect

Name of the Vulnerable Software and Affected Versions: basic-auth-connect versions prior to 1.1.0 Description: The issue concerns a timing-unsafe equality comparison in basic-auth-connect that can leak timing information. This comparison can potentially allow an attacker to observe differences in...

8.7CVSS8.7AI score0.00518EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.5 views

PT-2023-23721 · Unknown · Cloudexplorer Lite

Name of the Vulnerable Software and Affected Versions: CloudExplorer Lite versions prior to 1.1.0 Description: The issue concerns a cloud management platform where organization/workspace permissions are not properly checked, allowing users to add themselves to any organization. This has been fixe...

7.1CVSS6.7AI score0.00382EPSS
Exploits0References5
Rows per page
Query Builder