Lucene search
K

4754 matches found

NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-11940

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS0.00613EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/23 5:10 p.m.11 views

Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/23 4:4 p.m.5 views

EUVD-2026-38490

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS6.6AI score0.00767EPSS
Exploits2References7
OSV
OSV
added 2026/06/23 4:4 p.m.6 views

PSF-2026-30

tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...

7.8CVSS5.8AI score0.00767EPSS
Exploits2References8
CVE
CVE
added 2026/06/23 3:35 p.m.16 views

CVE-2026-56693

NanoClaw prior to version 2.1.17 contains a privilege-escalation flaw in the create_agent delivery-action handler. It performs privileged central-database writes without host-side authorization checks, enabling confined agent containers to invoke create_agent to create arbitrary agent groups, con...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:35 p.m.7 views

EUVD-2026-38465

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/22 11:15 p.m.4 views

Missing Authorization

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Missing Authorization via the getSignedUploadURL process. An attacker can perform unauthorized arbitrary object uploads to S3 buckets by sending crafted requests to the unauthenticated endpoint,...

7.4CVSS5.9AI score0.0029EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/22 11:15 p.m.18 views

Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

The application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builde...

7.4CVSS6AI score0.0029EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/22 2:30 p.m.2 views

OPENSUSE-SU-2026:21024-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/22 1:43 p.m.9 views

CVE-2026-52908

A flaw was found in the Linux kernel. This vulnerability occurs during the re-registration of a Remote Direct Memory Access RDMA memory region. If the memory's access permissions are changed from read-only to read-write, the system may fail to properly update and secure the underlying user memory...

7.8CVSS5.6AI score0.00129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/22 5:55 a.m.6 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6.2AI score0.00668EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 5:39 a.m.5 views

BIT-DOTNET-SDK-2026-32175 .NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS6AI score0.00711EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.31 views

RockyLinux 8 : kernel-rt (RLSA-2026:27354)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27354 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...

9.8CVSS6.8AI score0.00353EPSS
Exploits11References17
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.9 views

Oracle Linux 8 : kernel (ELSA-2026-27353)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27353 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177582 CVE-2026-46331 - net/sched: actpedit: free pedit keys on...

9.8CVSS7.1AI score0.00353EPSS
Exploits11References9
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.10 views

RHEL 8 : kernel (RHSA-2026:27353)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27353 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free ...

9.8CVSS6.7AI score0.00353EPSS
Exploits11References18
OSV
OSV
added 2026/06/20 6:52 a.m.2 views

SUSE-SU-2026:22226-1 Security update for mcphost

This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

10CVSS5.9AI score0.00781EPSS
Exploits0References25
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.5 views

CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/19 8:16 p.m.16 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:34 p.m.5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
Rows per page
Query Builder