Lucene search
K

1138 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-59926

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the Admonition directive :class: option into the HTML class attribute without escaping, allowing attribute injection and cross-site scripting even...

5.3CVSS5.8AI score0.00191EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-971 Tensorflow vulnerable to Out-of-Bounds Read

Impact When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs. python tf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 Patches We have...

6.8CVSS5.9AI score0.0038EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:20 a.m.7 views

CVE-2026-33264

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-12252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and...

10CVSS7.7AI score0.00809EPSS
Exploits4References3
RedhatCVE
RedhatCVE
added 2026/07/06 2:1 p.m.6 views

CVE-2026-14759

A flaw was found in radareorg radare2. A local attacker can perform a manipulation in the RBinJava Line Number Table Parser component, specifically within the rbinjavainnerclassesattrcalcsize function. This can lead to a heap-based buffer overflow, resulting in a denial of service. Mitigation...

7.8CVSS5.9AI score0.00153EPSS
Exploits1References10
NVD
NVD
added 2026/07/05 4:19 p.m.9 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

7.8CVSS0.00153EPSS
Exploits1References7
OSV
OSV
added 2026/07/05 4:19 p.m.4 views

UBUNTU-CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

7.8CVSS6AI score0.00153EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/07/05 3:15 p.m.35 views

CVE-2026-14759 radareorg radare2 RBinJava Line Number Table class.c r_bin_java_inner_classes_attr_calc_size heap-based overflow

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS0.00153EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2026/07/05 3:15 p.m.6 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

7.8CVSS6.1AI score0.00153EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 p.m.8 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/07/05 3:15 p.m.6 views

CVE-2026-14759 radareorg radare2 RBinJava Line Number Table class.c r_bin_java_inner_classes_attr_calc_size heap-based overflow

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS5.9AI score0.00153EPSS
Exploits1References9
EUVD
EUVD
added 2026/07/05 3:15 p.m.10 views

EUVD-2026-41769

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

4.8CVSS6.1AI score0.00153EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2026/07/05 3:15 p.m.6 views

CVE-2026-14759

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function rbinjavainnerclassesattrcalcsize of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack...

7.8CVSS5.9AI score0.00153EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53944

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Approximately 50 CORBA stub classes within the ogclient.jar file call the ORB.string to object function using an attacker-controlled IOR string during Java deserializatio...

10CVSS6.6AI score0.03415EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-54512

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic...

8.1CVSS5.8AI score0.00617EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score0.01001EPSS
Exploits0References7
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms

Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT range, but those helpers do not match two classes of IPv6 address that should be...

5.8CVSS5.3AI score0.00282EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 12:26 p.m.10 views

OESA-2026-2655 bind security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS5.5AI score0.0181EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 5:4 a.m.14 views

EUVD-2026-36212

Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and the classpath contains specifi...

8.1CVSS5.7AI score0.0043EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.8 views

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

7.5CVSS6.2AI score0.00262EPSS
Exploits0References5
Rows per page
Query Builder