Lucene search
K

6241 matches found

CVE
CVE
added 4 days ago10 views

CVE-2026-57273

GeoWebPlayer Websocket Server connectInfo handler in GeoVision software contains multiple stack-based buffer overflows in user-supplied JSON fields. Specifically, overflows occur in: username and password when key is absent (64-byte buffers), and username_enc, password_enc, key_blob, ip fields wh...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 5 days ago17 views

CVE-2026-55886

CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago5 views

Malicious code in twrap-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9903cc9163ada9951dee4ee1f364648cac0e492df9a32582ad3ed8303d29231 twraptool/init.py defines two public functions, formatblock and aligncolumns, whose real behavior is to fetch a Python file from...

6.1AI score
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-6682

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS0.0021EPSS
Exploits2References4
CVE
CVE
added 5 days ago45 views

CVE-2026-6682

CVE-2026-6682 affects FatFs in R0.16 and earlier, where in mount_volume() a multiply operation fasize *= fs->n_fats can overflow, causing an integer wrap. This overflow can lead to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. Impact described as CWE-190...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-6682

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References5
NVD
NVD
added 5 days ago7 views

CVE-2026-10538

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-40926

Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker ...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40427

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References3
NVD
NVD
added 6 days ago5 views

CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40410

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web...

5.9CVSS5.8AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-13773

CVE-2026-13773 affects IBM WebSphere eXtreme Scale 8.6.1.0–8.6.1.6. Approximately 50 generated CORBA stub classes in ogclient.jar deserialize an attacker-controlled IOR via ObjectInputStream, using ORB.string_to_object() to perform outbound IIOP SSRF to a chosen host. When combined with IBM ORB g...

10CVSS6.4AI score0.03415EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40351

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS5.8AI score0.00416EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-53997

Name of the Vulnerable Software and Affected Versions yudao-cloud versions prior to 2026.06 Description A broken access control issue exists in the BPM module. An authenticated user can access arbitrary process instance records by providing a caller-controlled process-instance identifier to an...

7.1CVSS6AI score0.00235EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 6 days ago11 views

RHEL 10 : perl-IO-Compress (RHSA-2026:30860)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30860 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...

7.8CVSS6.5AI score0.00292EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-53928

Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...

9.2CVSS6.1AI score0.00546EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-53944

Name of the Vulnerable Software and Affected Versions IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 Description Approximately 50 CORBA stub classes within the ogclient.jar file call the ORB.string to object function using an attacker-controlled IOR string during Java deserializatio...

10CVSS6.6AI score0.03415EPSS
Exploits0References3
OSV
OSV
added last week4 views

EEF-CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Summary Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex\native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References5
Cvelist
Cvelist
added last week28 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
Rows per page
Query Builder