
344 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in JQuery

In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

6.9 CVSS | 6.6 AI score | 0.99019 EPSS
Exploits 7 | References 2

CNNVD
added 2026/06/11 12:0 a.m. | 10 views

VMware Spring Boot Trust Management Issue Vulnerability

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities related to trust management in versions of VMware Spring Boot 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, and 3.4.0 to 3.4.16. These vulnerabilities stem from the automatic email...

5 CVSS | 5.3 AI score | 0.00123 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/27 8:48 p.m. | 42 views

CVE-2026-45136 claude-code-cache-fix: Local code execution via Python triple-quote injection in tools/quota-statusline.sh

claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of th...

8.6 CVSS | 0.00188 EPSS
Exploits 1 | References 3

Patchstack
added 2026/05/13 3:31 p.m. | 9 views

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...

8.6 CVSS | 6.2 AI score | 0.00188 EPSS
Exploits 1 | References 5 | Affected Software 1

Github Security Blog
added 2026/05/13 3:31 p.m. | 11 views

claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh

Summary tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...

8.6 CVSS | 6.3 AI score | 0.00188 EPSS
Exploits 1 | References 6 | Affected Software 1

NVD
added 2026/04/15 4:17 a.m. | 7 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3 CVSS | 0.00258 EPSS
Exploits 0 | References 2

CVE
added 2026/04/14 11:25 p.m. | 17 views

CVE-2026-39884

The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...

8.3 CVSS | 5.9 AI score | 0.00258 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/04/14 11:25 p.m. | 26 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3 CVSS | 0.00258 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/04/14 11:25 p.m. | 6 views

CVE-2026-39884 MCP Server Kubernetes has Argument Injection in its port_forward tool via space-splitting

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3 CVSS | 5.9 AI score | 0.00258 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/12 12:0 a.m. | 5 views

RGui Code Issue Vulnerability

RGui is a web interface system for cloud platform management and resource visualization operations by The R Foundation. Version RGui 3.5.0 has a code vulnerability; this vulnerability stems from a local buffer overflow in the GUI preferences dialog box, which may allow arbitrary code to be execut...

8.6 CVSS | 6.2 AI score | 0.00188 EPSS
Exploits 0 | References 4

CNNVD
added 2026/04/09 12:0 a.m. | 7 views

Guardian Security Vulnerability

Guardian is a policy-based digital asset management and verification platform developed by Hedera. Versions of Guardian 3.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from unshaded JavaScript execution within custom logic policy blocks in the worker threads, which...

8.8 CVSS | 6.3 AI score | 0.00545 EPSS
Exploits 0 | References 2

OSV
added 2026/04/01 9:17 p.m. | 4 views

DEBIAN-CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

9.1 CVSS | 5.2 AI score | 0.00241 EPSS
Exploits 0 | References 1

OSV
added 2026/04/01 9:27 a.m. | 13 views

CLEANSTART-2026-UB49656 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.5.0-r0, 3.5.0-r1

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1 CVSS | 6.9 AI score | 0.01557 EPSS
Exploits 1 | References 11

Cvelist
added 2026/04/01 12:0 a.m. | 26 views

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

0.00241 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/03/06 4:30 p.m. | 2 views

CVE-2026-29075 Mesa: Checking out of untrusted code in `benchmarks.yml` workflow may lead to code execution in privileged runner

Mesa is an open-source Python library for agent-based modeling, simulating complex systems and exploring emergent behaviors. In version 3.5.0 and prior, checking out of untrusted code in benchmarks.yml workflow may lead to code execution in privileged runner. This issue has been patched via commi...

8.3 CVSS | 6.1 AI score | 0.0037 EPSS
Exploits 0 | References 2

CNNVD
added 2026/02/17 12:0 a.m. | 7 views

TÜBİTAK BİLGEM Liderahenk Access Control Error Vulnerability

TÜBİTAK BİLGEM Liderahenk is a central management system of the Turkish company TÜBİTAK BİLGEM. Versions 3.3.1 and earlier, including 3.5.0, had access control vulnerabilities due to the lack of authentication for key functions, which could lead to remote code execution...

6.1 CVSS | 6.2 AI score | 0.00248 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/02/17 12:0 a.m. | 5 views

PT-2026-20269

Name of the Vulnerable Software and Affected Versions Liderahenk versions 3.0.0 through 3.3.1 Description A missing authentication check for a critical function in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows for Remote Code Inclusion. The issue impacts the software’s...

6.1 CVSS | 6.1 AI score | 0.00248 EPSS
Exploits 0 | References 3

Vulnrichment
added 2026/01/21 1:23 a.m. | 3 views

CVE-2025-15521 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits 1 | References 2

CVE
added 2026/01/21 1:23 a.m. | 32 views

CVE-2025-15521

The CVE-2025-15521 entry describes an unauthenticated privilege-escalation in the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, affecting versions up to 3.5.0. The root cause is improper identity validation during password updates: the reset handler accepts a publicly expose...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
In wild | Exploits 1 | References 2

EUVD
added 2026/01/21 1:23 a.m. | 9 views

EUVD-2026-3698

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password...

9.8 CVSS | 5.8 AI score | 0.00354 EPSS
Exploits 1 | References 3