Lucene search
K

8015 matches found

OSV
OSV
added 2026/06/21 1:38 p.m.6 views

MAL-2026-6248 Malicious code in jsonschema-viewer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...

6.2AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.29 views

CVE-2026-56236 Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS0.00134EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Parsec

The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...

5.5CVSS5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Wheel

A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...

7.5CVSS6.9AI score0.02659EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in glibc

The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...

5.9CVSS6.3AI score0.04006EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in librabbitmq

A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...

5.5CVSS5.5AI score0.00214EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fixed a potential memory overflow issue with staticcommandline. We allocated memory of size ‘xlen + strlenbootcommandline + 1 for staticcommandline. However, the strings copied into staticcommandline were actually fr...

7.8CVSS6AI score0.00279EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in rabbitMQ-server

RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution...

5.4CVSS6.3AI score0.01437EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier, and 2.9.5 and earlier. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node. An attacker could...

3.9CVSS6.7AI score0.00358EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 3:42 p.m.5 views

ROOT-APP-MAVEN-CVE-2025-67635 CVE-2025-67635 in io.root.org.jenkins-ci.main:cli - Patched by Root

Root has patched CVE-2025-67635 in the io.root.org.jenkins-ci.main:cli package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.7AI score0.00506EPSS
Exploits0
EUVD
EUVD
added 2026/06/17 4:17 p.m.8 views

EUVD-2026-37751

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS5.3AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 4:17 p.m.19 views

CVE-2026-20246 Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS0.00104EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/16 8:5 a.m.4 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.4AI score0.00464EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/16 1:3 a.m.16 views

[SECURITY] Fedora 44 Update: 7zip-26.01-1.fc44

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

8.8CVSS5.3AI score0.00938EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49536

Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...

7.8CVSS5.6AI score0.00533EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:57 p.m.10 views

Malicious code in claudechor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...

5.3AI score
Exploits0References5
CVE
CVE
added 2026/06/12 8:37 p.m.20 views

CVE-2026-42853

Vulnerability: CVE-2026-42853 affects ApostropheCMS CLI (@apostrophecms/cli) versions up to 3.6.0. Description: command injection in the apos create flow caused by embedding unsanitized password-prompt input directly into a shell command, enabling arbitrary command execution on the host. Root cau...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/12 7:21 p.m.89 views

aetherion

/\ | | | | | |...

8.8CVSS5.4AI score0.00541EPSS
Exploits12
Cvelist
Cvelist
added 2026/06/12 5:30 p.m.42 views

CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

6.3CVSS0.00797EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/12 5:30 p.m.11 views

CVE-2026-44170

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...

9.9CVSS5.5AI score0.00797EPSS
Exploits0References12
Rows per page
Query Builder