Lucene search
K

1211 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43574

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

6.2AI score0.00106EPSS
Exploits0References3
CVE
CVE
added 4 days ago15 views

CVE-2026-11426

CVE-2026-11426 concerns the UnderConstructionPage PRO plugin for WordPress. The vulnerability, present in all versions up to 5.76, allows Arbitrary File Read via the template_thumbnail parameter, where local file paths are copied into a publicly accessible uploads file. This permits authenticated...

6.5CVSS6.2AI score0.00308EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-57230

OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analytics API in enterprise editions with multi-tenancy enabled built ClickHouse queries by inserting user input into the query string, including two positions that took input without escaping, allowing an...

5.4CVSS0.00207EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago14 views

EUVD-2026-42577

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score0.0025EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.1AI score0.00459EPSS
Exploits2References8
NVD
NVD
added 2026/07/03 1:17 p.m.8 views

CVE-2026-56015

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

9.1CVSS0.00537EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 12:56 p.m.6 views

EUVD-2026-41541

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

6AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 12:56 p.m.21 views

CVE-2026-56015

CVE-2026-56015 affects Net::IP::LPM v1.10 and earlier for Perl, enabling a heap out-of-bounds read when adding prefixes with unbounded lengths. The bug arises in addPrefixToTrie() which walks the prefix buffer by prefix_length bits without verifying it against the address width (4 bytes IPv4, 16 ...

9.1CVSS6AI score0.00537EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55535

Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...

9.1CVSS6.1AI score0.00537EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53759

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.4 Description The checkUserPassword GraphQL query is susceptible to DQL Dgraph Query Language injection. This occurs because user-supplied password values are interpolated directly into a DQL checkpwd query using...

7.5CVSS6.2AI score0.00484EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/25 6:32 p.m.9 views

LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

9.1CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/25 6:32 p.m.3 views

GHSA-W39P-VH2G-G8G5 LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

4.2CVSS5.7AI score0.00216EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7.3AI score0.00459EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50562

Name of the Vulnerable Software and Affected Versions github workflows affected versions not specified Description The github workflows module constructs local directory paths using repository names provided by the user without validating for symlinks. A local attacker with access to the scan...

2.2CVSS5.2AI score0.00091EPSS
Exploits0References12
OSV
OSV
added 2026/06/16 7:51 p.m.4 views

CVE-2026-48776 LangGraph SDK has unsafe URL path construction

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/16 4:41 a.m.88 views

Exploit for CVE-2026-54686

CVE-2026-54686: Warp Remote SSH Command Injection PoC Desc...

6.1AI score0.00278EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

9.1CVSS5.9AI score0.00216EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/11 7:14 p.m.12 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of non-string values in the prefix, postfix, or dir parameters during path construction. An attacker can create files outside the intended temporary directory, potentially overwriting...

8.7CVSS6.2AI score0.00496EPSS
Exploits2References2
OSV
OSV
added 2026/06/11 1:4 p.m.10 views

GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 2:2 p.m.3 views

CVE-2026-45559 Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS6AI score0.00234EPSS
Exploits0References3
Rows per page
Query Builder