Lucene search
+L

1459 matches found

EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 4 days ago11 views

CVE-2026-46485

Dashy (self-hosted dashboard) is affected prior to version 4.0.8 where the config-saving functionality can allow unauthorized changes to the main config.yaml via OIDC deployments, enabling unauthenticated or non-admin users to modify dashboard configuration. Root cause: permission checks around c...

8.2CVSS6.1AI score0.00304EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

CVE-2026-15702 tamagui config.ts updateConfig prototype pollution

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to...

5.3CVSS6.3AI score0.00337EPSS
Exploits0References10
Cvelist
Cvelist
added 5 days ago27 views

CVE-2026-15702 tamagui config.ts updateConfig prototype pollution

A security vulnerability has been detected in tamagui up to 2.3.0. This affects the function updateConfig of the file code/core/web/src/config.ts. Such manipulation leads to improperly controlled modification of object prototype attributes. The attack may be performed from remote. Upgrading to...

6.5CVSS0.00337EPSS
Exploits0References8
CVE
CVE
added 2026/07/10 1:58 p.m.7 views

CVE-2026-60089

Prais onAI (pip package praisonaiagents) prior to version 1.6.78 is affected by a path-traversal issue: defaults loaded from a project-local .praisonai/config.toml can set defaults.output.output_file to an absolute or .. traversal path. If an Agent is started without an explicit output parameter,...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 1:58 p.m.3 views

CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/07/10 10:56 a.m.11 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/10 9:5 a.m.7 views

CVE-2026-41879

R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 6:8 a.m.2 views

SUSE-SU-2026:2809-1 Security update for systemd

This update for systemd fixes the following issue Security issues fixed: - CVE-2026-40226: nspawn: escape-to-host via malformed optional config file bsc1261400. Other updates and bugfixes: - Import commit 37508f8ec1 bsc1267647. - Import commit c7530fbea3 bsc1261982 bsc1261983. - Import commit...

6.4CVSS6.6AI score0.00072EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 9:38 p.m.33 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:38 p.m.6 views

CVE-2026-43921

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:17 p.m.56 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00668EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.18 views

PT-2026-56028

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.10 through 0.7.2 Description An issue exists in the Config::prettyPrintArrayToPHP method where string values are written into the config.php file without escaping single quotes during configuration updates. Since...

8.9CVSS6.1AI score0.00274EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 12:0 a.m.7 views

Malicious code in @marketfront/header (npm)

The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.3AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.8 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the createconfig path in awscli/customizations/codedeploy/register.py. An attacker can read the CodeDeploy on-premises configuration file by accessing it on the same Unix-like ho...

6.8CVSS6AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13533

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS0.00286EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:0 a.m.9 views

CVE-2026-13533

A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this issue is the function Spyc::YAMLLoad of the file /config/config.yaml of the component htaccess Handler. Such manipulation leads to files or directories accessible. It is possible to launch the attack...

6.9CVSS5.6AI score0.00286EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/26 8:21 p.m.3 views

CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS7.1AI score0.01314EPSS
Exploits5References4
NVD
NVD
added 2026/06/26 6:17 p.m.8 views

CVE-2026-55441

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

8.6CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:48 p.m.8 views

CVE-2026-55441

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

8.6CVSS5.9AI score0.00184EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder