Lucene search
K

736 matches found

NVD
NVD
added 2026/07/05 5:16 a.m.10 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS0.00137EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 3:15 a.m.8 views

EUVD-2026-41724

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 a.m.9 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/06/25 9:16 p.m.7 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

7.5CVSS0.00446EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.5 views

CVE-2026-38640

A reachable unwrap in the assertfail function /assert/mod.rs of relibc commit 61f42d allows attackers to cause a Denial of Service DoS via a crafted string...

5.9AI score0.00446EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52580

Name of the Vulnerable Software and Affected Versions relibc affected versions not specified Description A reachable unwrap in the assert fail function located in /assert/mod.rs allows attackers to cause a Denial of Service DoS by providing a crafted string. An unwrap is a operation that attempts...

5.8AI score0.00446EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 12:0 a.m.8 views

CVE-2026-38640

CVE-2026-38640 affects relibc. A reachable unwrap in the __assert_fail function (/assert/mod.rs) from commit 61f42d may cause a Denial of Service via a crafted string. The vulnerability is evidenced in multiple sources (NVD record, cve lists, and third-party reports) with CVSS:3.1/AV:N/AC:L/PR:N/...

7.5CVSS5.9AI score0.00446EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.14 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcardunpackreadsizealign libfreerdp/utils/smartcardpack.c:1703 allowed a malicious RDP server to crash the FreeRDP client through a reachable WINPRASSERT → abort mechanism. This...

6.5CVSS5.8AI score0.00256EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/23 10:55 a.m.4 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 10:47 a.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/22 10:18 p.m.5 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 10:18 p.m.38 views

CVE-2026-41523

vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References8Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 2:50 p.m.5 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.9AI score0.00527EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:8 a.m.12 views

Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/19 8:8 a.m.12 views

MAL-2026-6200 Malicious code in assert-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e21fa9c37e9944a00f7e85c7476f8fd4dc6bcd1f8fcd064a90488ef93d5bd12 [email protected] impersonates the chai assertion library bundles chai's source, contributors, and API surface under a different author and homepage...

6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50140

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description An assert-based security check in the activation function loading process allows an unauthenticated attacker to achieve arbitrary code execution on the server. This occurs when vLLM is run in Python...

7.5CVSS7.4AI score0.00484EPSS
Exploits1References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:33 p.m.11 views

Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c0d75b8077d317728bd396870ad1f297ea11f7a50585421fdf2b888cf3a9f3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/15 11:33 p.m.10 views

MAL-2026-5843 Malicious code in chai-smart-assert (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c0d75b8077d317728bd396870ad1f297ea11f7a50585421fdf2b888cf3a9f3 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 4:36 p.m.16 views

tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...

8.2CVSS5.6AI score0.00496EPSS
Exploits1References3Affected Software1
Redos
Redos
added 2026/06/15 12:0 a.m.8 views

ROS-20260615-73-0014

The vulnerability of the smartcardunpackreadsizealign function libfreerdp/utils/smartcardpack.c:1703 is related to the use of the assert or similar operator in the RDP client FreeRDP. Exploiting this vulnerability may allow a remote attacker to cause the application to terminate abnormally...

6.5CVSS6.4AI score0.00256EPSS
Exploits1
Rows per page
Query Builder