Lucene search
K

8021 matches found

EUVD
EUVD
added 2026/06/29 4:2 p.m.6 views

EUVD-2026-40135

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:58 p.m.6 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS6AI score0.00139EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 3:40 p.m.13 views

CVE-2026-13744

CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53309

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of attacker-controlled content allows unintended SQL execution. An attacker can execute arbitrary SQL within the context of a victim user's Snowflake session by providing...

8.8CVSS6.1AI score0.0032EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 9:50 p.m.10 views

Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877 This package presents itself as a redistribution of NVIDIA/skillspector pyproject Homepage points to github.com/NVIDIA/skillspector and the source...

5.9AI score
Exploits0References2
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: docker-buildx-0.35.0-1.fc44

Docker CLI plugin for extended build capabilities with BuildKit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 12:57 a.m.4 views

[SECURITY] Fedora 43 Update: docker-buildx-0.35.0-1.fc43

Docker CLI plugin for extended build capabilities with BuildKit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
NVD
NVD
added 2026/06/26 9:16 p.m.11 views

CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS0.01314EPSS
Exploits5References2
Cvelist
Cvelist
added 2026/06/26 8:22 p.m.27 views

CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/26 8:21 p.m.38 views

CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS0.01314EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2026/06/26 12:27 p.m.7 views

CVE-2026-56370

An out-of-bounds access vulnerability exists in ImageMagick's ConnectedComponentsImage function. By passing malformed connected-components definitions through the CLI, an attacker can cause a denial of service or potentially execute arbitrary code. Mitigation Prevent the injection of malformed...

7.8CVSS6.2AI score0.00121EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 3:34 p.m.5 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS5.8AI score0.00126EPSS
Exploits0
Snyk
Snyk
added 2026/06/24 7:15 p.m.7 views

Arbitrary Argument Injection

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the SubtitleEncoder.ConvertTextSubtitleToSrtInternal process. An attacker can achieve...

8.8CVSS6AI score0.00357EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 5:52 p.m.12 views

CVE-2026-49980

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from the URL and passed...

9.8CVSS6AI score0.00701EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:37 p.m.4 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS6.3AI score0.00134EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.12 views

EUVD-2026-38756

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

4.8CVSS6AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52028

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...

8.6CVSS6AI score0.00145EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:46 p.m.6 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.4 views

CVE-2026-44170

A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the...

9.9CVSS6.1AI score0.00797EPSS
Exploits0References5
Rows per page
Query Builder