
64 matches found

NVD
added 4 days ago · 8 views

CVE-2026-13533

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9 CVSS · 0.00286 EPSS
Exploits 0 · References 5

EUVD
added 4 days ago · 7 views

EUVD-2026-40030

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9 CVSS · 5.6 AI score · 0.00286 EPSS
Exploits 0 · References 5

CVE
added 4 days ago · 9 views

CVE-2026-13533

CVE-2026-13533 affects agentejo Cockpit CMS up to v0.12.2 in the htaccess Handler’s /config/config.yaml, via Spyc::YAMLLoad. The vulnerability arises from YAMLLoad manipulation that can make files or directories accessible and can be exploited remotely. Exploit code has been publicly disclosed an...

6.9 CVSS · 5.6 AI score · 0.00286 EPSS
Exploits 0 · References 5

Cvelist
added 4 days ago · 32 views

CVE-2026-13533 agentejo Cockpit CMS htaccess config.yaml YAMLLoad file access

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9 CVSS · 0.00286 EPSS
Exploits 0 · References 5

AstraLinux
added 2026/06/19 11:10 a.m. · 5 views

Astra Linux – Vulnerability in pyyaml

In PyYAML before version 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1, and the 'UnsafeLoader' has been introduced to maintain backward compatibility with this function...

9.8 CVSS · 7.9 AI score · 0.06031 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2026/01/30 6:57 p.m. · 4 views

CVE-2025-62348

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

7.8 CVSS · 6.3 AI score · 0.00179 EPSS
Exploits 0 · References 2 · Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2020-2744

Malware in sbrugna...

8.8 CVSS · 7.8 AI score · 0.0195 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2021-0209

Malware in sbrugna...

7.2 CVSS · 6.9 AI score · 0.03555 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2023-27070

Malicious code in bioql PyPI...

7.8 CVSS · 7.4 AI score · 0.0047 EPSS
Exploits 0 · References 5

Snyk
added 2025/07/31 2:2 p.m. · 5 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...

9.8 CVSS · 7.8 AI score · 0.02494 EPSS
Exploits 1 · References 2

GithubExploit
added 2025/07/30 6:37 a.m. · 114 views

Exploit for CVE-2025-50460

CVE-2025-50460: Remote Code Execution in modelscope/ms-swift v...

9.8 CVSS · 9.1 AI score · 0.02494 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 9:42 a.m. · 6 views

CVE-2024-23731

The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...

9.8 CVSS · 7.5 AI score · 0.0105 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/08/20 12:0 a.m. · 6 views

PT-2024-29898 · Unknown · Kubernetes

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 3385. Description: The issue arises from the user-controlled role parameter entering the application in the Kubernetes::RoleVerificationsController. This parameter flows into the RoleConfigFile initializer and then...

8.8 CVSS · 7.8 AI score · 0.0113 EPSS
Exploits 0 · References 10

Tenable Nessus
added 2024/05/11 12:0 a.m. · 32 views

RHEL 6 : pyyaml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PyYAML: command execution through python/object/apply constructor in FullLoader CVE-2019-20477 - In PyYAM...

10 AI score · 0.06031 EPSS
Exploits 2 · References 2

NVD
added 2024/01/21 5:15 p.m. · 28 views

CVE-2024-23731

The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...

9.8 CVSS · 9.6 AI score · 0.0105 EPSS
Exploits 0 · References 2

PyPA
added 2024/01/21 5:15 p.m. · 6 views

PYSEC-2024-7

The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument...

9.8 CVSS · 7.5 AI score · 0.0105 EPSS
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2024/01/21 12:0 a.m. · 2 views

Embedchain Security Breach

Embedchain is an open source RAG framework from Embedchain Open Source. A security vulnerability exists in Embedchain versions prior to 0.1.57. An attacker can exploit this vulnerability to execute arbitrary code related to the parameters of the openapi.py yaml.load function...

9.8 CVSS · 7.6 AI score · 0.0105 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/11/11 12:0 a.m. · 5 views

The vulnerability of the yaml.load() component in the YAML parsing library for Python, PyYAML, allows an attacker to access confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the yaml.load component in the YAML parsing library for Python, PyYAML, is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10 CVSS · 7 AI score · 0.06031 EPSS
Exploits 1 · References 12 · Affected Software 3

Tenable Nessus
added 2023/05/28 12:0 a.m. · 23 views

Fedora 37 : bottles / python-vkbasalt-cli (2023-328397d034)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-328397d034 advisory. Update bottles to 51.6 and release final dependency vkbasalt-cli. Tenable has extracted the preceding description block directly from the Fedora...

7.8 CVSS · 7.5 AI score · 0.0047 EPSS
Exploits 0 · References 2

NVD
added 2023/05/26 6:15 p.m. · 14 views

CVE-2023-22970

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file...

7.8 CVSS · 7.8 AI score · 0.0047 EPSS
Exploits 0 · References 3