Lucene search
K

10652 matches found

Cvelist
Cvelist
added 2026/06/29 5:20 p.m.31 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 3:52 p.m.4 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.4. Vulnerability Details CVEID:CVE-2026-41284 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M...

9.8CVSS7.4AI score0.01339EPSS
Exploits3Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-379 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.8AI score0.98412EPSS
Exploits19References14
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...

7.1CVSS6AI score0.00246EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive CVE-2026-44517 Note that Nessus relies on the presence of t...

6AI score
Exploits0References3
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.94 views

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS7.6AI score0.90067EPSS
Exploits5References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:1 a.m.8 views

Malicious code in @k18n/creatormarketplace-admin-language (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6213acbcf6c562c8a7690e6018490d502d8df9377a2ed85c5bca9d828ed261c8 Package claims the @k18n npm scope used internally by Kuaishou and publishes at version 99.0.0 — the canonical high-version dependency-confusion shap...

5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/26 11:18 p.m.27 views

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

Summary Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123. Merged upstream commit bf1b731ee6 fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/06/26 11:18 p.m.6 views

Unsafe Dependency Resolution

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during the build lifecycle by crafting a dependency source...

8.8CVSS5.9AI score0.00118EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/26 11:18 p.m.5 views

Unsafe Dependency Resolution

Overview @pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 2:17 p.m.12 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

9.8CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 1:1 p.m.36 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 1:1 p.m.142 views

CVE-2026-53914

CVE-2026-53914 affects JetBrains Kotlin prior to 2.4.20, where unsafe deserialization in the build cache metadata allows code execution. The NVD notes a high-severity, network-vector vulnerability with critical impact to confidentiality, integrity, and availability; local context in CVSS from CNA...

9.8CVSS6.2AI score0.00196EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 7:9 a.m.6 views

CVE-2026-54232

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability, a dependency confusion attack, allows a remote attacker to execute arbitrary code with root privileges during the Docker build process. By exploiting this, an attacker can compromise the...

8.8CVSS6.1AI score0.00304EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 1:42 a.m.10 views

Malicious code in animatecss-postcss-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...

5.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52700

Name of the Vulnerable Software and Affected Versions JetBrains Kotlin versions prior to 2.4.20 Description Unsafe deserialization in the build cache metadata allows for remote code execution. Deserialization is the process of converting a data format, such as JSON or XML, back into an object tha...

9.8CVSS6.1AI score0.00196EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:25 p.m.11 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

7.5CVSS6AI score0.00384EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:33 p.m.3 views

Security Bulletin: Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS

Summary Langflow OSS contains unauthenticated access vulnerability in /api/v1/buildpublictmp/ router endpoints allowing arbitrary jobid access without authentication or authorization checks. Two endpoints affected: 1 GET /buildpublictmp/jobid/events chat.py:758 streams live build events for any...

9.1CVSS6.1AI score0.00272EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53195

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

7.8CVSS5.9AI score0.00153EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52511

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...

8.2CVSS5.8AI score0.00145EPSS
Exploits0References6
Rows per page
Query Builder