Lucene search
K

2236 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-43495

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago6 views

Malicious code in cookie-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c2bd7c1b5b363e72753401f6edebf816965a625227e6523210e4620ce9bb8a cookie-parser-js impersonates the widely used cookie-parser package: it copies TJ Holowaychuk / Doug Wilson author metadata, the description, the...

6.6AI score
Exploits0References7
NVD
NVD
added 6 days ago8 views

CVE-2026-56273

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...

6.5CVSS0.0033EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago9 views

kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

A flaw was found in the Linux kernel's NFSv4.0 server nfsd. A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflictin...

9.8CVSS6.6AI score0.0049EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56272

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description Code injection is possible via a caller-influenced Profile attribute. When a string is assigned to this attribute, the software splits it into path, package, and arguments, then interpolates the package...

8.8CVSS6.6AI score0.00498EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/07/06 8:56 p.m.5 views

CVE-2026-8925

A flaw was found in curl. The logic handling SASL Simple Authentication and Security Layer authentication could lead to a double-free vulnerability. This occurs because the GSASL context may be deallocated twice without clearing the pointer, potentially leading to memory corruption. An attacker...

9.8CVSS6AI score0.0108EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.6 views

CVE-2026-50015

A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...

7.3CVSS6.5AI score0.0027EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/06 8:24 a.m.33 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

0.00691EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits0References5
OSV
OSV
added 2026/07/04 6:38 a.m.8 views

MGASA-2026-0234 Updated yt-dlp packages fix security vulnerabilities

CVE-2026-50019 If curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. CVE-2026-50023 A vulnerability exists in yt-dlp that allows a remote attacker to write...

9.6CVSS6.5AI score0.00555EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Mozilla Firefox < 152.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-62 advisory. - Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presu...

9.8CVSS6.2AI score0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2025-71371

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...

8.1CVSS0.00499EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:25 p.m.4 views

GHSA-FJQC-HQ36-QH5P LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading

Summary LangGraph's JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the application expects, which could in tu...

6.8CVSS6.4AI score0.00232EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.6 views

CVE-2026-53078

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF socket operations sockops program. When a BPF sockops program accesses context fields with the same destination and source registers, certain macros fail to properly clear the destination register. This can lead to a...

7.8CVSS6.2AI score0.00112EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in busybox

A flaw was discovered in BusyBox. Incomplete path sanitization in its archive extraction utilities allows attackers to create malicious archives. When these archives are extracted, and under certain conditions, they may write to files outside of the intended directory. This can lead to arbitrary...

7CVSS7.6AI score0.00682EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2026/06/23 9:21 p.m.97 views

jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows arbitrary class instantiation

jackson-databind's PolymorphicTypeValidator PTV is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters i.e. the type ID string contains when only java.util.ArrayList is allow-listed. The container...

8.1CVSS6.2AI score0.00617EPSS
Exploits1References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.5 views

CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.5AI score0.00656EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:17 a.m.9 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume...

8.1CVSS5.9AI score0.00407EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/21 3:13 p.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the cProfile.runctx function in pickle file reduce methods. An attacker can execute arbitrary code by...

8.1CVSS6.2AI score0.00338EPSS
Exploits1References2
OSV
OSV
added 2026/06/17 2:44 p.m.4 views

SUSE-SU-2026:2437-1 Security update for wireshark

This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile import crash and possible code execution bsc1263809...

7.8CVSS6.2AI score0.0018EPSS
Exploits2References5
Rows per page
Query Builder