Lucene search
K

447 matches found

Snyk
Snyk
added 2026/07/08 6:47 p.m.8 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the merge key handling during YAML parsing, where each mapping in a chain re-enumerates the keys inherited from the previous mapping. An...

8.2CVSS6.5AI score0.0037EPSS
Exploits2References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl process. An attacker can inject malicious URLs into rendered href and src attributes by crafting links that use legacy or chained schemes, potentially leading to script execution in affected user...

6.1CVSS6.1AI score0.00198EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/08 4:20 p.m.35 views

CVE-2026-59929 Mistune renderers/html.safe_url: HARMFUL_PROTOCOLS list misses legacy and chained schemes that historically chain to `javascript:` execution

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS0.00198EPSS
Exploits1References3
CVE
CVE
added 2026/07/08 4:20 p.m.11 views

CVE-2026-59929

Mistune is a Python Markdown parser. CVE-2026-59929 affects the safe_url filter in src/mistune/renderers/html.py prior to version 3.3.0, which blocks only javascript:, vbscript:, file:, and data: schemes. This allowed legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha...

6.1CVSS6AI score0.00198EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/08 4:20 p.m.4 views

CVE-2026-59929 Mistune renderers/html.safe_url: HARMFUL_PROTOCOLS list misses legacy and chained schemes that historically chain to `javascript:` execution

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safeurl filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:...

6.1CVSS6.2AI score0.00198EPSS
Exploits1References5
NVD
NVD
added 2026/07/08 4:16 p.m.8 views

CVE-2026-59869

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0037EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.12 views

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 11:24 p.m.14 views

Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
OSV
OSV
added 2026/06/20 11:24 p.m.19 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:28 p.m.6 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS6.1AI score0.00291EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/28 7:44 p.m.30 views

CVE-2026-42399

CVE-2026-42399 describes an Uncontrolled Resource Consumption (CWE-400) vulnerability in Kibana where an authenticated, low-privilege user can trigger a denial of service by submitting a specially crafted Timelion visualization expression with deeply chained function calls. This causes an exponen...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/05/23 8:25 p.m.120 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Ipados

dyld-signing-oracle-poc A controlled exploration of dyld's pa...

7.8CVSS6AI score0.01319EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/05/16 10:32 p.m.100 views

bug-bounty-reports

Bug Bounty Reports — Josef Basner Sanitized, redacted, resp...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the model combination feature: the access control pipeline only verified users’ access...

7.6CVSS5.9AI score0.00248EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:13 p.m.6 views

CVE-2026-40552

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

8.4CVSS5.8AI score0.00286EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

BinSoft mpGabinet 安全漏洞

BinSoft mpGabinet is a medical clinic management system developed by the Polish company BinSoft. Versions of BinSoft mpGabinet prior to December 23, 2021, contained security vulnerabilities. These vulnerabilities were due to issues with remote command execution, which could allow authorized users...

4.7CVSS5.9AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 12:31 a.m.9 views

EUVD-2026-25323

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

5.3CVSS5.8AI score0.00283EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 12:31 a.m.8 views

GHSA-R7P2-R9G4-4XPH Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...

5.3CVSS5.7AI score0.00283EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an integer underflow under the stmmac chained mode. This vulnerability could lead to arbitrary...

9.8CVSS6AI score0.00406EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 10:16 p.m.11 views

CVE-2026-41339

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

5.3CVSS0.00283EPSS
Exploits0References3
Rows per page
Query Builder