Lucene search
+L

7112 matches found

cve
cve
added 12 hours ago20 views

CVE-2026-15013

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS6AI score
Exploits0References7
euvd
euvd
added 12 hours ago4 views

EUVD-2026-44866

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score
Exploits0References7
nvd
nvd
added 2 days ago9 views

CVE-2025-56365

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...

7.5CVSS0.00169EPSS
Exploits0References3
cve
cve
added 2 days ago7 views

CVE-2026-47475

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
ossf
ossf
added 2 days ago5 views

Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
osv
osv
added 2 days ago3 views

MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
osv
osv
added 2 days ago3 views

MAL-2026-10612 Malicious code in assertion-utils-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 311d22d9694863456136cf4f8b69a291fdbb631eda56bafca1959e0c184774a1 assertion-utils-js is a typosquat of chai name, description, and keywords mirror the real package. On require, index.js spawns a detached Node child...

6.2AI score
Exploits0References2
cvelist
cvelist
added 6 days ago35 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS0.00298EPSS
Exploits0References4
osv
osv
added 6 days ago3 views

CVE-2026-54714 Logto: XSS via unescaped RelayState in SAML auto-submit form

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References6
nvd
nvd
added 2026/07/09 11:16 a.m.8 views

CVE-2026-58307

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS0.00107EPSS
Exploits0References2
euvd
euvd
added 2026/07/09 10:33 a.m.8 views

EUVD-2026-42578

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS5.9AI score0.00107EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/09 10:33 a.m.10 views

CVE-2026-58307

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS5.9AI score0.00107EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/09 10:33 a.m.33 views

CVE-2026-58307

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS0.00107EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 11:16 p.m.8 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
cve
cve
added 2026/07/08 10:19 p.m.18 views

CVE-2026-54781

CoreWCF (SAML token validation) does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate subjects without proper authority. Affects CoreWCF.Primitives and rel...

7.4CVSS5.9AI score0.00178EPSS
Exploits0References6
osv
osv
added 2026/07/08 10:17 p.m.4 views

CVE-2026-54774 CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS6.1AI score0.0015EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/07/08 5:0 a.m.6 views

CVE-2026-55514

A flaw was found in vLLM, a library for Large Language Model LLM inference and serving. A remote attacker, authorized to make a /v1/completions request, can send a specially crafted prompt embeds payload. This action causes the EngineCore to fail an assertion and fatally crash, leading to a Denia...

7.1CVSS5.9AI score0.0037EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1015 TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. cpp // We pre-allocate the array of operands and populate it using the // outputnametoposition and controloutputtoposition populated // previously. SmallVector retvalsfunc.retsize +...

5.9CVSS5.9AI score0.00547EPSS
Exploits0References8
nvd
nvd
added 2026/07/06 9:16 p.m.8 views

CVE-2026-54234

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS0.00343EPSS
Exploits1References3
osv
osv
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-986 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

Impact The macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. Patches We have patched the issue in GitHub commit...

5.5CVSS5.9AI score0.00386EPSS
Exploits1References13
Rows per page
Query Builder