12979 matches found
CVE-2026-60109
Zeek
DataEase <= 2.4.1 - Sensitive Information Exposure
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...
Malicious code in rio-design-tokens (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...
Malicious code in zluri-ad-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...
CVE-2026-14758
A flaw was found in radareorg radare2. A local attacker can exploit an integer overflow vulnerability within the hexpairs parser, specifically in the cmdanalopcode function. This manipulation can lead to an integer overflow, potentially causing a denial of service DoS condition...
UBUNTU-CVE-2026-14758
A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...
FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...
CVE-2026-14757
A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...
PT-2026-55807
Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the hexpairs Parser component within the cmd anal opcode function located in the libr/core/cmd anal.inc.c file. This issue requires local access to be exploite...
CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
EUVD-2026-41676
In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...
CVE-2026-14535
The CVE affects Trail of Bits fickling up to version 0.1.11. The UnsafeImportsML analysis pass always calls AnalysisContext.shorten_code(node), populating shared AnalysisContext.reported_shortened_code. When MLAllowlist runs, it sees already_reported=True for every import and skips its allowlist ...
Malicious code in debugcli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ff9ad8188112d91f0ea673971f4421ca96dc7943ba12d65c7339c1aa75c2226e The package name debugcli shadows the popular debug package, and index.js is a thin re-export module.exports = require'debug' so callers observe...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...
CVE-2026-47898
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
CVE-2026-47898
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
CVE-2026-47898
This CVE affects Lucene.Net.Analysis.Common (PatternParser) in Lucene.Net.Analysis.Common: vulnerable in versions prior to 4.8.0-beta00018. The connected Snyk entry confirms an XML External Entity (XXE) injection vulnerability, where crafted XML could trigger external entity resolution, enabling ...
CVE-2026-47898 Apache Lucene.Net: XXE vulnerability in Lucene.Net.Analysis.Common PatternParser
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
EUVD-2026-41517
Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net Lucene.Net.Analysis.Common library. This issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes...
CVE-2026-59099
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...