Lucene search
+L

340 matches found

EUVD
EUVD
added 2026/07/10 7:13 a.m.7 views

EUVD-2026-42836

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53944

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Approximately 50 CORBA stub classes within the ogclient.jar file call the ORB.string to object function using an attacker-controlled IOR string during Java deserializatio...

10CVSS6.6AI score0.03415EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 3:40 p.m.38 views

CVE-2026-13744 Snowflake CLI SQL Injection Through Improper Neutralization of User-Controlled Input

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 6:17 p.m.21 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:42 p.m.8 views

PSF-2026-29

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.8AI score0.00128EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/15 5:24 p.m.11 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the formatDate function when processing an excessively long or attacker-controlled date format string. An attacker can cause high CPU and memory consumption, leading to application...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:22 p.m.9 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the two-way property binding. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying crafted input to a sensitive DOM property bound with two-way binding syntax. Note:...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.39 views

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49564

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Attacker-controlled input included in multipart/payload headers can be used to modify a request to inject additional headers or change the request contents. This occurs when an application passes...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.20 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/12 3:13 p.m.10 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the NuxtLink href when attacker-controlled input is bound to the to or href properties. An attacker can execute arbitrary scripts in the context of the application by supplying a crafted javascript: or data:...

5.4CVSS5.3AI score0.00198EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.20 views

PT-2026-48666

Guzzle Services provides an implementation of the Guzzle Command library that uses Guzzle service descriptions to describe web services, serialize requests, and parse responses into easy to use model structures. Versions prior ro 1.5.4 do not safely serialize scalar XML element values containing...

5.8CVSS5.4AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 4:3 p.m.2 views

CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS7.6AI score0.00358EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.28 views

PT-2026-48313

Name of the Vulnerable Software and Affected Versions Spring Data Relational/JDBC/R2DBC versions 4.0.0 through 4.0.5 Spring Data Relational/JDBC/R2DBC versions 3.5.0 through 3.5.11 Spring Data Relational/JDBC/R2DBC versions 3.4.0 through 3.4.14 Spring Data Relational/JDBC/R2DBC versions 3.3.0...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Cross-site Scripting (XSS)

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via...

6.9CVSS5.6AI score0.0014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.13 views

CVE-2026-9241

The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 1.4.6. This is due to the getvalue function in classes/fixed/fixeduserrole.php trusting the attacker-controlled...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/02 12:25 p.m.10 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via user-controled models. An attacker can achieve arbitrary code execution by supplying...

6.9CVSS6.2AI score0.00436EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 10:16 a.m.13 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS0.00436EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46197

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. cherry picked from commit...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References8
Rows per page
Query Builder