Lucene search
+L

10791 matches found

CVE
CVE
added 2026/06/30 2:30 p.m.19 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:29 a.m.3 views

OPENSUSE-SU-2026:21179-1 Security update for lrzip

This update for lrzip fixes the following issues: Changes in lrzip: - Update to version 0.660: Do not clean up thread structures in decompression failure conditions, fixing a use-after-free in lzmadecompressbuf and a NULL pointer dereference in ucompthread on corrupt/malicious archives...

7.8CVSS5.8AI score0.00243EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54038

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description Capgo lacks an UPDATE row-level security policy for the build requests table. This missing policy prevents API-key and anonymous access from persisting builder status updates. An attacker can exploi...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53958

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description A missing authentication flaw exists in the /api/v1/build public tmp/ endpoints. This allows an unauthenticated attacker to use a valid job identifier to read build event data or cancel...

9.1CVSS5.9AI score0.00272EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.19 views

PT-2026-53956

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A code injection flaw allows an unauthenticated remote attacker to gain full control over the system without user interaction. This enables the attacker to read all secrets available to...

10CVSS5.9AI score0.00314EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

RHEL 10 : kernel (RHSA-2026:33486)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33486 advisory. A special build of the kernel packages for Red Hat Enterprise Linux for NVIDIA. For more details about the security issues, including the...

9.8CVSS7AI score0.96267EPSS
Exploits282References42
NVD
NVD
added 2026/06/29 9:16 p.m.14 views

CVE-2026-34597

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS0.00526EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:18 p.m.32 views

CVE-2026-34597

CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 8:18 p.m.29 views

CVE-2026-34597 Coolify: Authenticated Host RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS0.00526EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 8:18 p.m.4 views

CVE-2026-34597 Coolify: Authenticated Host RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS6.3AI score0.00526EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 p.m.18 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:20 p.m.34 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:20 p.m.15 views

CVE-2026-57951

Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/29 5:20 p.m.5 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS6AI score0.00246EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 3:52 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.4. Vulnerability Details CVEID:CVE-2026-41284 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M...

9.8CVSS7.4AI score0.01339EPSS
Exploits3Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

SummaryThe POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS8.1AI score0.98191EPSS
Exploits22References14Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-379 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.8AI score0.98191EPSS
Exploits22References14
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.17 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...

7.1CVSS6AI score0.00246EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Build breakout using malicious Containerfile and Git Smart HTTP server or GitHub release tar archive CVE-2026-44517 Note that Nessus relies on the presence of t...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 6:1 a.m.10 views

Malicious code in @k18n/creatormarketplace-admin-language (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6213acbcf6c562c8a7690e6018490d502d8df9377a2ed85c5bca9d828ed261c8 Package claims the @k18n npm scope used internally by Kuaishou and publishes at version 99.0.0 — the canonical high-version dependency-confusion shap...

5.8AI score
Exploits0References3
Rows per page
Query Builder