Lucene search
K

182 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-57246

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57246 Foxit PDF Editor/Reader Signature Buffer Overflow Vulnerability

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42206

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57246

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/06/09 6:36 p.m.9 views

GHSA-C4FP-CXRR-MJ66 Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.46 views

CVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

0.0013EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe: A memory leak has been fixed in xevmmadviseioctl. When the validation of checkboargsaresane fails, the code jumps to the new freevmas cleanup label to properly release the allocated resources. This ensures proper cleanup ...

5.5CVSS6AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29501

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

6.2AI score0.00426EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 1:23 p.m.10 views

EUVD-2026-28595

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS6.3AI score0.00541EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011365)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011365 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013212 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/17 10:23 p.m.10 views

PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...

9.8CVSS6.9AI score0.00824EPSS
Exploits2References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-20040

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

8.8CVSS7.1AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/03/18 7:16 p.m.5 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

0.00238EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/18 6:13 p.m.6 views

CVE-2026-3479

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

5.8AI score0.00238EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/18 6:13 p.m.12 views

PSF-2026-13

DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.getdata has the same security model as open. The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.getdata did...

5.7AI score0.00238EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerabilit...

8.8CVSS7.2AI score0.00172EPSS
Exploits0References18
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:31 p.m.6 views

CVE-2026-20040

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

8.8CVSS6AI score0.00172EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 4:31 p.m.30 views

CVE-2026-20040 Cisco IOS XR Software CLI Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

8.8CVSS0.00172EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/26 4:25 a.m.13 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.6AI score0.00519EPSS
Exploits3References11
Rows per page
Query Builder