Lucene search
K

81 matches found

OSV
OSV
added 3 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2025-37863 CVE-2025-37863 in rootio-linux - Patched by Root

Root has patched CVE-2025-37863 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.5AI score0.00222EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-ENVOY-2026-48042 Envoy: Stack overflow in destructor of highly nested JSON

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O100K nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

7.5CVSS5.8AI score0.00557EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-509 qdrant input validation failure

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...

9.8CVSS7.4AI score0.00901EPSS
Exploits1References6
CVE
CVE
added 2026/06/26 4:48 p.m.27 views

CVE-2026-55441

CVE-2026-55441 affects the Mise toolchain. The root cause is that, prior to 2026.6.4, task-include files loaded from directories without config files bypass trust checks and render task fields with a Terraform-like template engine that registers an exec() function. If a directory contains a task-...

8.6CVSS5.9AI score0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 4:33 p.m.35 views

CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 6:16 p.m.11 views

CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 2026/06/21 6:0 a.m.20 views

CVE-2026-12782

The CVE-2026-12782 entry concerns EaseUS Partition Master (up to 14.5). The affected component is EUEDKEPM.sys (Kernel Driver); a flaw in an unknown function leads to improper access controls. It requires local access to exploit, and an exploit has been publicly released. Impact is described as h...

8.5CVSS6.6AI score0.00109EPSS
Exploits0References6
OSV
OSV
added 2026/06/05 5:16 p.m.3 views

ALPINE-CVE-2026-48111

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

7.1CVSS5.2AI score0.00225EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 6:53 p.m.44 views

CVE-2026-45108 Himmelblau: Authentication Bypass via Cross-User Local Session Impersonation in Device Authorization Grant (DAG) Flow

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.13 views

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 4:21 p.m.14 views

EUVD-2026-30039

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40819

Name of the Vulnerable Software and Affected Versions ERPNext versions prior to 15.101.1 ERPNext versions prior to 16.10.0 Description An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated adjacent attacker to read arbitrary files via an...

6.5CVSS5.9AI score0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/14 11:31 p.m.7 views

CVE-2026-39963 Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipitysetCookie function in include/functionsconfig.inc.php uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker who can influence the Host header at login time, such as vi...

6.9CVSS5.7AI score0.00224EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.8 views

SUSE CVE-2026-34983

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.8AI score0.00117EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31783

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook url in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

7.2CVSS6.1AI score0.0028EPSS
Exploits1References5
CVE
CVE
added 2026/04/06 8:41 p.m.19 views

CVE-2026-34972

OpenFGA vulnerability CVE-2026-34972 affects OpenFGA versions 1.8.0 through 1.13.1. The issue arises when BatchCheck is invoked with multiple checks for the same object, relation, and user, leading to improper policy enforcement. It is resolved in version 1.14.0. CVSS metrics indicate high impact...

8.8CVSS5.9AI score0.00211EPSS
Exploits0References1Affected Software2
Debian CVE
Debian CVE
added 2026/03/27 7:54 p.m.9 views

CVE-2026-33870

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fi...

7.5CVSS8.2AI score0.0064EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-30986

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5...

5.5CVSS6AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 11:46 p.m.4 views

EUVD-2026-16046

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedureorder/handledeletions.php allows any authenticated user, regardless of role, to...

7.1CVSS5.8AI score0.00415EPSS
Exploits1References3
CVE
CVE
added 2026/03/23 11:29 p.m.19 views

CVE-2026-33176

CVE-2026-33176 — Active Support (Rails) number helpers incorrectly accept strings containing scientific notation (e.g., 1e10000). When expanded by BigDecimal, this can trigger extremely large decimal representations, leading to excessive memory and CPU usage and a potential DoS. The patch is incl...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder