Lucene search
K

4063 matches found

CVE
CVE
added 2026/06/29 4:0 a.m.13 views

CVE-2026-13533

CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 4:0 a.m.9 views

EUVD-2026-40030

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 11:3 p.m.6 views

GHSA-5C25-7VPJ-9MQH Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Summary fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefix, not a path-segment match, so the input /dashboard../data/config.yaml is accepted; strings.TrimPrefix leaves...

9.1CVSS5.9AI score0.00451EPSS
Exploits1References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.11 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-eks-fips, crossplane-provider-aws-cloudwatchlogs-fips, ko, clickhouse-backup-fips, ksops, flux-image-automation-controller, tekton-pipelines, crossplane-provider-aws-macie2, gh, terragrunt-fips, gitlab-cng, gatekeeper-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-eks-fips, crossplane-provider-aws-cloudwatchlogs-fips, ko, clickhouse-backup-fips, ksops, flux-image-automation-controller, tekton-pipelines, crossplane-provider-aws-macie2, gh, terragrunt-fips, gitlab-cng, gatekeeper-fips,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 7:9 p.m.8 views

CVE-2026-53550

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS5.6AI score0.00259EPSS
Exploits1References4
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

8.8CVSS0.00127EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:43 p.m.5 views

CVE-2026-55698

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can persist package-manager bootstrap metadata in the first YAML document of pnpm-lock.yaml. Before the patch, direct pnpm execution trusted an already resolved packageManagerDependencies entry when the committed env lockfile contained...

8.8CVSS6AI score0.00193EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/24 2:35 a.m.9 views

SUSE CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...

5.3CVSS6AI score0.00259EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/22 8:43 p.m.2 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

DEBIAN-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.3 views

UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/22 2:59 p.m.5 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1
Cvelist
Cvelist
added 2026/06/22 2:59 p.m.40 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/22 2:59 p.m.16 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
Rows per page
Query Builder