Lucene search
+L

10791 matches found

CVE
CVE
added 4 days ago14 views

CVE-2026-26032

Summary of CVE-2026-26032 (Apache Ivy): The PackagerResolver can repack downloaded artifacts via an Ant script in a subdirectory of buildRoot. If any Ivy coordinates contain "../" sequences, an attacker who can access a packager repository can escape the buildRoot and overwrite other files. The i...

5.4CVSS6.1AI score0.00583EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44763

The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...

5.4CVSS6.1AI score0.00583EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

SUSE SLES16 Security Update : rust-keylime (SUSE-SU-2026:22583-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22583-1 advisory. Update to version 0.2.9+49. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow...

9.3CVSS5.8AI score0.00359EPSS
Exploits0References26
OSV
OSV
added 5 days ago5 views

MAL-2026-10613 Malicious code in ethereum-lib-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58bddf420dcb894a940b62fba777628f0c3a9d31dd7fa915afaea618c1914d52 Package [email protected] impersonates the widely-used ethereumjs-util library: the package name, README badge, repository, homepage, and auth...

6.2AI score
Exploits0References2
Microsoft KB
Microsoft KB
added 5 days ago242 views

June 9, 2026—KB5095051 (OS Build 28000.2269)

None None...

9.8CVSS6.8AI score0.02797EPSS
Exploits2
Microsoft KB
Microsoft KB
added 5 days ago11 views

July 14, 2026—KB5099540 (OS Build 20348.5386)

None None...

9.8CVSS6.1AI score0.02545EPSS
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago11 views

July 14, 2026—KB5099536 (OS Build 26100.33158)

None None...

9.8CVSS6.1AI score0.02545EPSS
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago10 views

July 14, 2026—KB5099538 (OS Build 17763.9020)

None None...

9.8CVSS6.1AI score0.01751EPSS
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago8 views

July 14, 2026—KB5099535 (OS Build 14393.9339)

None None...

9.8CVSS6.1AI score0.02287EPSS
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago9 views

July 14, 2026—KB5099414 (OS Build 22631.7376)

None None...

9.8CVSS6.1AI score0.00816EPSS
Exploits0
Microsoft KB
Microsoft KB
added 5 days ago7 views

July 14, 2026-KB5101014 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

None None...

8.1CVSS6.1AI score0.01579EPSS
Exploits0
The Hacker News
The Hacker News
added 5 days ago14 views

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle o...

6.2AI score
Exploits0
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43554

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
NVD
NVD
added 6 days ago8 views

CVE-2026-62239

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-62239 FlashAttention Symlink Attack via tarfile.extractall in hopper/setup.py

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-62239

FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, contains a symlink attack vulnerability in the downloadandcopy function within hopper/setup.py that extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can pre-plant a symlink in the...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-62239

FlashAttention (up to 2.8.3.post1) contains a symlink attack in hopper/setup.py: download_and_copy() extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can plant a predictable symlink in the cache to redirect extracted binaries to a chosen lo...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 6 days ago4 views

CVE-2026-55773

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...

8.8CVSS0.00294EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago6 views

Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the bytes library, which is affected by an integer overflow vulnerability. CVE-2026-25541 Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 ...

7.5CVSS6AI score0.00559EPSS
Exploits1Affected Software2
OSV
OSV
added 6 days ago4 views

OPENSUSE-SU-2026:21333-1 Security update for nasm

This update for nasm fixes the following issues - CVE-2026-6067: heap buffer overflow vulnerability due to a lack of bounds checking in the objdirective function bsc1261986. - CVE-2026-6068: heap use after free vulnerability in response file processing bsc1261985. Changes for nasm: - Update to...

9.6CVSS6.1AI score0.00414EPSS
Exploits2References4
Rows per page
Query Builder