Lucene search
K

815 matches found

RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-59858

A command injection vulnerability in Vim's C omni-completion script allows an attacker to execute arbitrary commands if a user is tricked into opening a maliciously crafted tags file and manually invoking the autocomplete feature. Mitigation Users are advised to avoid opening untrusted C source...

8.4CVSS6.3AI score0.00137EPSS
Exploits0References5
CVE
CVE
added yesterday11 views

CVE-2026-9824

Mattermost v11.7.x ≤ 11.7.2, v11.6.x ≤ 11.6.4, and v10.11.x ≤ 10.11.19 are affected by CVE-2026-9824 due to a missing check of the manage_shared_channels permission in the /share-channel autocomplete handler. This allows an authenticated user without that permission to enumerate remote cluster co...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/03 12:7 p.m.7 views

CVE-2026-57456

There is a security flaw in Vim. If you use Vim to open a malicious file written by a hacker, and you use the auto-complete feature while typing, the file can secretly force your computer to run unauthorized commands or malware. Mitigation To mitigate this vulnerability, users should avoid openin...

8.4CVSS6AI score0.00144EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-57962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied...

5.3CVSS6AI score0.00203EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

DEBIAN-CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:58 a.m.7 views

EUVD-2026-40861

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54447

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 140.12.1 Thunderbird versions prior to 152.0.1 Description A malicious LDAP server can cause the Thunderbird LDAP client to crash due to memory exhaustion. This occurs when the client is configured to query the...

5.3CVSS6AI score0.00203EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 6:42 p.m.4 views

DRUPAL-CONTRIB-2026-060

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to unpublished library items in lists. This vulnerability is mitigated by the fact the paragraphs\library module must be in use, and that an attacker must have...

6.5CVSS5.9AI score0.00132EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52173

Name of the Vulnerable Software and Affected Versions Drupal Paragraphs versions 0.0.0 through 1.21.0 Description A missing authorization issue in the Paragraphs Library module allows forceful browsing. The module does not sufficiently restrict access to unpublished library items within lists. Th...

6.1AI score0.00132EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.32 views

CVE-2025-71376 picklescan - Arbitrary Code Execution via Undetected idlelib.autocomplete.AutoComplete.fetch_completions

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:12 p.m.8 views

EUVD-2025-210308

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.14 views

CVE-2025-71376

CVE-2025-71376 affects the Python package picklescan prior to 0.0.29. The vulnerability arises because idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods is not detected, allowing attackers to embed code in pickle files that executes arbitrary commands when loaded by victims. T...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.19 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:4 p.m.20 views

CVE-2025-71358

CVE-2025-71358 concerns the Python tool picklescan (pre-0.0.29) failing to detect malicious pickle payloads that exploit the function idlelib.autocomplete.AutoComplete.get_entity in reduce methods. When a crafted pickle is loaded with pickle.load(), arbitrary commands can execute, enabling remote...

8.1CVSS6.1AI score0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 2:34 p.m.8 views

CVE-2026-53693 MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.14 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.3AI score0.00341EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:7 p.m.7 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.4AI score0.00341EPSS
Exploits2References6
Rows per page
Query Builder