Lucene search
K

1939 matches found

EUVD
EUVD
added 2026/06/29 12:16 p.m.7 views

EUVD-2026-40078

SzafirHost verifies the downloaded native library archive with one JarFile parser reading the Central Directory but extracts native libraries with JarInputStream parser reading sequentially from local file headers. An attacker who controls the served archive can insert a malicious DLL/SO/DYLIB as...

8.6CVSS6AI score0.00418EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 9:46 p.m.9 views

EUVD-2026-38048

php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted isexecutable guard mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 9:5 p.m.13 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44733

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allows attackers to chan...

5.9CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:54 p.m.8 views

CVE-2026-52785

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fix...

9.9CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 5:16 p.m.8 views

CVE-2026-57231

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5CVSS0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:29 p.m.24 views

CVE-2026-57231

CVE-2026-57231 affects Podman versions 1.8.1 through 5.8.4, where a container image with an Env entry having only a key (and using the * wildcard) can cause host environment variables to be leaked into the container at run time. The PTSecurity document confirms the issue is addressed in Podman 5....

7.5CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 4:19 p.m.9 views

EUVD-2026-39801

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS6AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52883

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description Envoy crashes when an ext proc server sends a single gRPC message containing...

6.5CVSS5.7AI score0.00444EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.26 views

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

8.1CVSS0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 7:51 p.m.8 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-54092

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after...

6.5CVSS0.00484EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 6:47 p.m.24 views

CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.3CVSS0.00637EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 5:16 p.m.7 views

EUVD-2026-39499

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS6AI score0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 4:44 p.m.22 views

CVE-2026-55699

CVE-2026-55699 affects pnpm. Prior to versions 10.34.2 and 11.5.3, manifest bin object keys such as "", ".", and ".." could bypass the bin-name guard. In a scenario where a malicious global package is installed, downstream global remove/update/add-replacement flows could re-derive those names and...

6.5CVSS5.9AI score0.00286EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/25 4:41 p.m.24 views

CVE-2026-55487

CVE-2026-55487 affects pnpm. Prior to versions 10.34.2 and 11.5.3, the generic peer-suffix normalizer could strip parenthesized text from git, URL, tarball, file, and other opaque locators, allowing approval for one source string to authorize an attacker-controlled source whose locator normalizes...

8.8CVSS5.9AI score0.00118EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.34 views

PT-2026-52617

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode within reduce methods. This allows attackers to embed undetected code in pickle files...

8.1CVSS6AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52513

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...

6.4CVSS5.9AI score0.0018EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52588

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description The PKCS7 decode path fails to respect the caller-supplied output buffer size outputSz. This allows decoded content to be written beyond the boundaries of the provided buffer, leading to a buffer...

5.3CVSS6.2AI score0.00256EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
Rows per page
Query Builder