Lucene search
K

7147 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS0.00329EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-10706

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

7.5CVSS0.00303EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS0.00179EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago16 views

EUVD-2026-42141

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS5.9AI score0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago117 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS0.00179EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added last week4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added last week5 views

EUVD-2026-42082

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/07 3:16 p.m.8 views

SUSE CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

7.5CVSS6AI score0.00211EPSS
Exploits0References9
PyPA
PyPA
added 2026/07/07 2:34 p.m.6 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/06 6:58 p.m.4 views

MAL-2026-6887 Malicious code in tailwind-scroller (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57d21e3f2b10a543d5deb6a3999b78e5414b55ad958ff7811d802cb42386fc8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:16 p.m.5 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:15 a.m.6 views

CVE-2026-56139

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.8AI score0.00363EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1026 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

5.5CVSS5.9AI score0.00332EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1032 Missing validation results in undefined behavior in `SparseTensorDenseAdd

Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-955 Undefined behavior when users supply invalid resource handles

Impact Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid: python import tensorflow as tf tf.rawops.QueueIsClosedV2handle= python import tensorflow as tf tf.summary.flushwriter= In graph mode, it would have been impossible to perform these...

5.5CVSS5.9AI score0.00317EPSS
Exploits1References11
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-11586

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

7.5CVSS0.0086EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:13 a.m.7 views

EUVD-2026-41500

By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages...

6AI score0.0086EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 8:51 p.m.5 views

Malicious code in @checkrhq/adjudication-api-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c52d9987ace09f0c48d8b0661bd1fcd3cf4e7e701b5e515810c7f32d99086cf package.json declares a preinstall lifecycle script that runs curl to POST installer reconnaissance data — hostname, current user whoami, working...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 8:28 p.m.7 views

Malicious code in ts-eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5bbed232e0268a791ce846260ce170342eec359bf1a7e84b9514767d77803a1 The package's index.js defines run/fromstr that recursively walk process.cwd and match files named.env, env, id.json, config.json, config.toml,...

6AI score
Exploits0References6
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS0.00246EPSS
Exploits0References1
Rows per page
Query Builder