Lucene search
K

1086352 matches found

OSV
OSV
added 2026/06/18 3:11 p.m.3 views

MINI-84HW-RMGH-9M3V

Bulletin has no description...

10CVSS5AI score0.00285EPSS
Exploits0
OSV
OSV
added 2026/06/18 3:7 p.m.4 views

MINI-WPQV-82XP-97FV

Bulletin has no description...

10CVSS4.9AI score0.00218EPSS
Exploits0
Snyk
Snyk
added 2026/06/18 3:4 p.m.6 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the NbconvertFileHandler and NbconvertPostHandler classes when rendering user-authored notebook HTML without a proper sandbox directive in the Content-Security-Policy. An attacker...

9.3CVSS6.7AI score0.00227EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/18 3:4 p.m.22 views

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.3AI score0.00227EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/18 2:52 p.m.4 views

MINI-97H9-956F-MMC3

Bulletin has no description...

9.1CVSS4.9AI score0.00338EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:52 p.m.3 views

MINI-5V95-JF79-M8HG

Bulletin has no description...

9.1CVSS4.9AI score0.005EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:51 p.m.3 views

MINI-Q7V9-CWXC-6969

Bulletin has no description...

9.8CVSS6.5AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:50 p.m.2 views

MINI-3PJH-MR2Q-G7VR

Bulletin has no description...

9.1CVSS4.9AI score0.00373EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:50 p.m.5 views

MINI-C43J-XCX3-G4C5

Bulletin has no description...

9.1CVSS4.9AI score0.005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/18 2:43 p.m.6 views

CVE-2026-42536

A flaw was found in Apache HTTP Server, specifically within the modxml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...

7.5CVSS6AI score0.00605EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 2:42 p.m.5 views

MINI-XF6J-CW8V-HG9X

Bulletin has no description...

9.1CVSS4.9AI score0.00457EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:41 p.m.5 views

MINI-45G9-XV4J-7F78

Bulletin has no description...

9.1CVSS4.9AI score0.00338EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
OSV
OSV
added 2026/06/18 2:32 p.m.2 views

SUSE-SU-2026:22213-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
EUVD
EUVD
added 2026/06/18 2:28 p.m.10 views

EUVD-2026-37730

python-statemachine SCXML Eval Injection...

9.8CVSS5.2AI score0.00801EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 2:28 p.m.4 views

GHSA-V4JC-PM6R-3VJ8 python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.00801EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/18 2:28 p.m.8 views

python-statemachine SCXML <data expr> Eval Injection

Summary python-statemachine 3.1.2 evaluates attributes in SCXML documents using Python's eval. Any application that passes attacker-controlled SCXML content to SCXMLProcessor is vulnerable to arbitrary code execution in the context of the hosting process. Details SCXMLProcessor.parsescxmlfile...

9.8CVSS6.2AI score0.00801EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/18 2:23 p.m.25 views

CVE-2025-27511

CVE-2025-27511 affects the GeoServer DB2 DataStore Extension. According to the connected advisories, prior to version 2.27.0, an authenticated administrator could perform a JNDI attack via a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). The issue is the JNDI injection vu...

7.2CVSS5.5AI score0.00582EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/18 2:23 p.m.20 views

CVE-2025-27511 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...

7.2CVSS0.00582EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 2:17 p.m.63 views

CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS0.00477EPSS
Exploits3References4
Rows per page
Query Builder