Lucene search
K

1086993 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

RHEL 9 : samba (RHSA-2026:25049)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25049 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.1AI score0.12797EPSS
Exploits8References15
Redos
Redos
added 2026/06/10 12:0 a.m.7 views

ROS-20260610-73-0040

The vulnerability of the driveprocessirpread function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

9.8CVSS8.6AI score0.00453EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48415

Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious theme ZIP files with traversal sequences in filenames to execute arbitrary code or modify sensiti...

8.4CVSS6AI score0.00215EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.30 views

PT-2026-48436

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config file name form field that is passed straight through to config mod.master slave upload and restart... as the destination path. The validati...

9.9CVSS5.5AI score0.00372EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.23 views

dracut project dracut 命令注入漏洞

Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...

7.5CVSS6.1AI score0.01131EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...

8.5CVSS5.5AI score0.00274EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

crawlee 代码问题漏洞

Crawlee is an open-source web scraping and browser automation library developed by Apify. Versions of Crawlee from 1.0.0 to 1.7.0 had code vulnerabilities. These vulnerabilities stemmed from URLs generated using site maps, which could lead to server-side request forgeing attacks...

2.3CVSS5.3AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48526

Name of the Vulnerable Software and Affected Versions dracut affected versions not specified Description A flaw in the legacy DHCP path allows a remote attacker on the adjacent network to achieve root code execution within the initramfs initial RAM file system, which is loaded with the kernel at...

7.5CVSS5.8AI score0.01131EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

RHEL 8 : flatpak (RHSA-2026:25068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25068 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Deserialization of Untrusted Data

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of pagination-related data in Spring GraphQL. An attacker can achieve remote code execution by...

9.8CVSS6.5AI score0.0043EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 12:0 a.m.18 views

ALSA-2026:25049 Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

9.8CVSS6AI score0.12797EPSS
Exploits8References14
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48486

Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS affected versions not specified Description A memory corruption issue occurs during the processing of tunnel traffic. An authenticated user can trigger system reboots by sending a maliciously crafted packet. If these...

6.9CVSS5.3AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 11:16 p.m.10 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS0.02042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:5 p.m.9 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:5 p.m.22 views

CVE-2026-46517

LMDeploy has a hardcoded trust_remote_code=True path in multiple code locations (e.g., get_model_arch and related calls) that is invoked for every model load. This creates an implicit unsafe remote-code load path when loading HuggingFace models from a repository, with no user opt-out or CLI flag ...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:5 p.m.10 views

EUVD-2026-35874

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:5 p.m.36 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:5 p.m.7 views

CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:5 p.m.11 views

EUVD-2026-35873

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:5 p.m.33 views

CVE-2026-46432

CVE-2026-46432 (LMDeploy) affects lmdeploy

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
Rows per page
Query Builder