Lucene search
+L

1892 matches found

Snyk
Snyk
added 2026/06/16 7:29 p.m.8 views

Deserialization of Untrusted Data

Overview langgraph-checkpoint is a library with base interfaces for LangGraph checkpoint savers. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPlusSerializer while reconstructing Python objects from JSON checkpoint payloads. An attacker can...

7.3CVSS6.2AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:32 p.m.10 views

Improperly Implemented Security Check for Standard

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the Lambda@Edge adapter that truncates repeated request headers. An attacker can bypass access restrictions or affect auditing...

6.3CVSS5.8AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 2:32 p.m.9 views

GHSA-WGPF-JWQJ-8H8P hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Summary On AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so every value overwrites the previous one and only the last reaches the application. Repeated reques...

4.8CVSS5.4AI score0.00114EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/15 7:47 p.m.16 views

CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.3AI score0.00357EPSS
Exploits0
OSV
OSV
added 2026/06/15 3:54 p.m.9 views

MAL-2026-5793 Malicious code in nativescript-swisspost-pcc-creative-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9c9ef8861d14485e696e98c66d95ee5c2a5a608b213841c9c18b254003ae049 Package masquerades as an internal Swiss Post NativeScript package name nativescript-swisspost-pcc-creative-editor, description literally Security Po...

6.5AI score
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.30 views

CVE-2026-50101

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS0.00281EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:7 p.m.54 views

EUVD-2026-36526

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS5.2AI score0.00281EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.26 views

PT-2026-48957

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS5.2AI score0.00281EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:17 a.m.20 views

Malicious code in ai-sdk-helpers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...

5.9AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:0 a.m.15 views

Malicious code in @bestlzk/sectest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cfce552ac72417ec7db2c48e0e13b1d060007167e82bd0f9b10799efe85e7f4 On npm install, postinstall.js collects platform, Node version, current working directory, and OS username, then POSTs them as JSON to...

6.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48523

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A privilege escalation flaw exists in the Linuxulator, a compatibility layer that allows Linux binaries to run on FreeBSD. A logic bug related to AT SECURE occurs during setuid execution...

7.1CVSS5.5AI score0.00098EPSS
Exploits1References14
OSV
OSV
added 2026/06/09 8:34 p.m.18 views

MAL-2026-5477 Malicious code in mcp-server-figma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 474223e0d5456564c1ae112031e3b8f276850a79f59cc93ed3a04805de291f20 Package squats the unscoped name mcp-server-figma, which AI coding agents and developers commonly invoke via npx mcp-server-figma expecting the...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:9 p.m.14 views

Malicious code in tailwind-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a2959fd43465328b090afd0464e0e3de0e1677ecd2068d4ef05bdfe5867b79 tailwind-form is a typosquat of the legitimate @tailwindcss/forms plugin README and repository field are copied from tailwindlabs/tailwindcss-forms,...

6.4AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.15 views

FreeBSD Security Advisory - FreeBSD-SA-26:30.linux

FreeBSD Security Advisory - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

5.5AI score0.00098EPSS
Exploits1
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.10 views

FreeBSD -- Flaw in Linuxulator execution of setugid binaries

Problem Description: The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

7.1CVSS5.5AI score0.00098EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.11 views

CVE-2026-41159

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious Cascading Style Sheets CSS through specific configuration options, such as fontFamily, themeCSS, and altFontFamily. This injected CSS can bypa...

5.4CVSS6.1AI score0.00398EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40296

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...

5.4CVSS5AI score0.00225EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-50207

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.4AI score0.00133EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:9 a.m.10 views

CVE-2025-69755

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the atcommand.asp interface...

8.2CVSS6.1AI score0.00464EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 7:4 a.m.10 views

EUVD-2026-34219

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...

8.5CVSS5.8AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder