
388 matches found

OSV
added 4 days ago, 5 views

PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

CVSS 9.6, AI score 7.3, EPSS 0.00405
Exploits: 1, References: 6
OSV
added 4 days ago, 5 views

PYSEC-2026-270 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider...

CVSS 9.8, AI score 7.4, EPSS 0.03944
Exploits: 0, References: 6
OSV
added 2026/06/21 4:16 p.m., 4 views

ALPINE-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

CVSS 6.9, AI score 5.8, EPSS 0.0011
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in binutils

It has been discovered that GNU Binutils prior to version 2.40 contains a vulnerability involving excessive memory consumption, caused by the loadseparatedebugfiles function in dwarf2.c. An attacker could provide a crafted ELF file and trigger a DoS attack...

CVSS 5.5, AI score 5.3, EPSS 0.00483
Exploits: 1, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux – Vulnerability in Ansible

A flaw was identified in the use of insufficiently random values in Ansible. Two random password lookups of the same length produce the same value, because the template caching action for the same file does not re-evaluate the lookup. The greatest risk posed by this vulnerability is...

CVSS 5.5, AI score 6.5, EPSS 0.00435
Exploits: 1, References: 2
AlpineLinux
added 2026/06/19 3:00 a.m., 6 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

CVSS 6.9, AI score 6, EPSS 0.00088
Exploits: 0
CVE
added 2026/06/15 8:18 p.m., 17 views

CVE-2026-40762

The WPGraphQL WordPress plugin is affected by an unauthenticated SQL Injection in versions earlier than 2.11.1. The issue originates in WPGraphQL

CVSS 7.5, AI score 5.7, EPSS 0.00251
Exploits: 0, References: 1
CBLMariner
added 2026/06/10 2:46 a.m., 10 views

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13. A patched version of the package is available...

CVSS 9.1, AI score 5.4, EPSS 0.0036
Exploits: 0
EUVD
added 2026/06/07 12:31 a.m., 11 views

EUVD-2026-34977

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

CVSS 8.4, AI score 5.4, EPSS 0.00164
Exploits: 0, References: 4
RedhatCVE
added 2026/06/05 7:30 p.m., 9 views

CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

CVSS 4, AI score 5.4, EPSS 0.00128
Exploits: 0, References: 1
Cvelist
added 2026/05/27 9:02 p.m., 31 views

CVE-2026-44720 OpenLearnX: Critical Authentication Bypass via JWT Signature Verification Disabled Leading to Account Takeover

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditions. This vulnerability is fixed in 2.0.4...

CVSS 6.9, EPSS 0.00207
Exploits: 0, References: 1
EUVD
added 2026/05/27 7:13 a.m., 13 views

EUVD-2026-32108

The AgentClient handle method (lines 264-303) processes every NATS reply. It calls injectcompilelog (line 273) on every response, which reads response['value']['result']['compilelogid'] (lines 332-338) and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

CVSS 6.8, AI score 5.8, EPSS 0.00083
Exploits: 0, References: 1
CBLMariner
added 2026/05/23 3:30 p.m., 12 views

CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15

CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15. A patched version of the package is available...

CVSS 8.8, AI score 7.3, EPSS 0.00578
Exploits: 1
Vulnrichment
added 2026/05/19 12:00 a.m., 10 views

CVE-2026-37281

An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...

AI score 6.1, EPSS 0.01622
Exploits: 0, References: 3
Patchstack
added 2026/05/18 1:26 p.m., 10 views

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...

CVSS 6.5, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 5, Affected Software: 1
UbuntuCve
added 2026/05/13 7:17 p.m., 11 views

CVE-2026-43970

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib allows unauthenticated remote denial of service via memory exhaustion. cowspdy:inflate/2 in cowlib passes peer-supplied compressed bytes directly to zlib:inflate/2 with no output size bound. The SPDY...

CVSS 8.2, AI score 5.8, EPSS 0.00511
Exploits: 0, References: 5
NVD
added 2026/05/08 11:16 p.m., 16 views

CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

CVSS 9.9, EPSS 0.00652
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/08 9:51 p.m., 7 views

CVE-2026-42286

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

CVSS 8.4, AI score 5.7, EPSS 0.00165
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/05/07 12:00 a.m., 12 views

PJSIP trust management vulnerability

PJSIP is a free, open-source multimedia communication library written in C. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Prior to PJSIP version 2.17, there were vulnerabilities related to trust management. These vulnerabilities...

CVSS 8.2, AI score 5.8, EPSS 0.00161
Exploits: 0, References: 1
CVE
added 2026/05/04 5:41 a.m., 32 views

CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

CVSS 3.7, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 1