Lucene search
+L

224 matches found

ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56505

Name of the Vulnerable Software and Affected Versions Hono versions 4.0.0 through 4.12.26 Description The cx function in hono/css composes class names from plain strings but marks the result as already escaped without performing HTML-escaping on the input. This allows untrusted className values...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44555

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via basemodelid: a user-defined model e.g., "Cheap Assistant" can reference an existing base model e.g., "gpt-4-turbo-restricted" that provides...

7.6CVSS5.6AI score0.00248EPSS
Exploits1References1
osv
osv
added 2026/06/01 5:49 p.m.4 views

CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

5.7CVSS5.9AI score0.00211EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive Chrome-level privileges; however, it could be used as a stepping stone for further attacks involving other vulnerabilities. This vulnerability affects...

6.5CVSS7AI score0.01267EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2026/05/19 7:16 p.m.10 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handlecomposecommand function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9CVSS5.7AI score0.00286EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.11 views

libheif 缓冲区错误漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from a heap buffer overflow during tile composition, allowing attackers to write...

8.8CVSS6AI score0.00514EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.18 views

PT-2026-41641

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Description Failure to escape certain variables during the composition of error pages allows an attacker with permissions to edit site configurations to...

4.8CVSS5.9AI score0.00143EPSS
Exploits0References9
packetstormnews
packetstormnews
added 2026/05/15 12:0 a.m.14 views

Compile-Time Security Analysis and Optimization of Sensitive String Producers

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template languages, each face diminishing returns; AI code generation...

5.9AI score
Exploits0
cvelist
cvelist
added 2026/05/12 7:40 p.m.38 views

CVE-2026-44219 ciguard: SCA HTTP client reads response body without size cap

ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date /...

3.7CVSS0.00301EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/05/10 12:0 a.m.20 views

The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents

This position paper argues that the Authorization-Execution Gap AEG is a major safety and security problem in open-world agents. The AEG is the divergence between what a principal intends to authorize and what an open-world agent ultimately executes. Because such agents act autonomously across...

5.8AI score
Exploits0
snyk
snyk
added 2026/05/08 12:0 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/05/07 12:0 a.m.11 views

Beyond the Wrapper: Identifying Artifact Reliance in Static Malware Classifiers Using TRUSTEE

Modern cybersecurity relies heavily on static machine-learning-based malware classifiers. However, transformations such as packing and other non-semantic modifications applied to executable files limit their reliability. Malware classifiers often learn these unnecessary artifacts rather than the...

5.8AI score
Exploits0
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.11 views

PT-2026-37315

Name of the Vulnerable Software and Affected Versions ciguard versions 0.6.0 through 0.8.1 Description Both SCA HTTP clients in src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call the function json.loads on response data without a maximum-bytes cap. A hostile or...

3.7CVSS5.8AI score0.00301EPSS
Exploits0References12
ubuntu
ubuntu
added 2026/04/02 7:27 a.m.7 views

USN-8140-1: Cairo vulnerabilities

Alberto Garcia, Francisco Oca and Suleman Ali discovered that Cairo did not properly manage memory. An attacker could possibly use this issue to cause Cairo to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2017-9814 ...

7.8CVSS6.7AI score0.03463EPSS
Exploits2
cve
cve
added 2026/03/30 12:0 a.m.14 views

CVE-2026-29954

CVE-2026-29954 affects KubePlus 4.1.4, specifically the mutating webhook and kubeconfiggenerator. The vulnerability arises when processing the chartURL field of ResourceComposition resources: the value is only URL-encoded and not validated, enabling SSRF. More critically, kubeconfiggenerator conc...

7.6CVSS6AI score0.00268EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2026/03/30 12:0 a.m.4 views

PT-2026-29059

In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...

6AI score0.00268EPSS
Exploits1References3
packetstormnews
packetstormnews
added 2026/03/24 12:0 a.m.30 views

AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols

AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment MCP alone has 97M+ monthly SDK downloads, no systematic security framework for these protocols...

5.8AI score
Exploits0
fedora
fedora
added 2026/03/16 1:0 a.m.9 views

[SECURITY] Fedora 43 Update: qgis-3.44.8-1.fc43

Geographic Information System GIS manages, analyzes, and displays databases of geographic information. QGIS supports shape file viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection on-the-fly, map composition, and a number of other features via a plugin interface. QGIS al...

8.7CVSS5.8AI score0.00414EPSS
Exploits0
cve
cve
added 2026/03/03 7:48 p.m.15 views

CVE-2025-14604

CVE-2025-14604 affects IBM Storage Scale. It describes that when a directory has a specific ACL composition, a local user could unintentionally trigger additional permissions for resources, allowing execution by unintended actors. Affected products and versions: IBM Storage Scale 5.2.3.0–5.2.3.5 ...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/03/03 7:48 p.m.4 views

CVE-2025-14604 The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2

IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...

6.6CVSS5.9AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder