Lucene search
K

543 matches found

Cvelist
Cvelist
added 2026/04/20 12:0 a.m.41 views

CVE-2026-6587 vibrantlabsai RAGAS Collections util.py _try_process_url server-side request forgery

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

6.5CVSS0.00277EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

ragas 安全漏洞

Ragas is an open-source toolkit developed by Vibrant Labs for optimizing and evaluating large language models. Versions of Ragas 0.4.3 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the parameter retrievedcontexts in the...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33656

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function try process local file/ try process url of the file src/ragas/metrics/collections/multi modal faithfulness/util.py of the component Collections Module. Performing a manipulation of the...

7.5CVSS6.1AI score0.00534EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.3 views

Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

The deployment of large language models LLMs in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures...

9.8CVSS6.1AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 10:27 a.m.7 views

CLSA-2026-1775212043 opencryptoki: Fix of CVE-2026-23893

CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...

6.8CVSS5.8AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 6:31 p.m.5 views

EUVD-2026-18394

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 12:0 a.m.19 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29820

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 3.6.5 and earlier, as well as version 4.0.0, have security vulnerabilities. These vulnerabilities stem from insufficient protection for serialized SSL contexts or session...

9.8CVSS6.1AI score0.00426EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:0 a.m.4 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 10:18 a.m.10 views

CLSA-2026-1774952276 opencryptoki: Fix of CVE-2026-23893

CVE-2026-23893: fix symlink-following vulnerabilities in privileged contexts...

6.8CVSS5.8AI score0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 8:41 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers such as script, xmp, iframe,...

6.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/03/26 4:39 p.m.4 views

EUVD-2026-16250

EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...

8.2CVSS5.8AI score0.00248EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/25 4:54 p.m.5 views

SUSE CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.8 views

SUSE CVE-2026-28406

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A ta...

8.2CVSS6.3AI score0.00613EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the blkaddTrace function using the thiscpu operation within preemptible contexts, potentially leading t...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/24 9:31 p.m.5 views

EUVD-2026-14950

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 7:16 p.m.5 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS0.00154EPSS
Exploits0References1
Rows per page
Query Builder