Lucene search
K

235 matches found

Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-56349 n8n - Guardrail Node Bypass via Crafted Input

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to incorrect handling of arguments in the JP2 encoder. An attacker can cause a heap buffer over-write by supplying specially crafted arguments during image processing. Remediation A fix was pushed into the...

6.9CVSS6.1AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 5:16 p.m.9 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

8CVSS0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.24 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS6AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 10:14 p.m.12 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:12 p.m.3 views

GHSA-9M57-25V3-79X9 golang.org/x/crypto: Invoking pathological inputs can lead to client panic

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS6AI score0.00313EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 10:12 p.m.11 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 9:39 p.m.2 views

SUSE-SU-2026:22271-1 Security update for python-idna

This update for python-idna fixes the following issue - CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:39 p.m.3 views

SUSE-SU-2026:22356-1 Security update for python-idna

This update for python-idna fixes the following issue - CVE-2026-45409: specially crafted inputs to idna.encode can bypass earlier security fix bsc1265413...

6.9CVSS6.3AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 5:39 a.m.5 views

BIT-DOTNET-SDK-2026-32175 .NET Core Tampering Vulnerability

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS6AI score0.00711EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 10:6 p.m.35 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/23 1:27 a.m.15 views

SUSE CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References27
NVD
NVD
added 2026/05/22 4:16 a.m.15 views

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS0.00359EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 4:16 a.m.8 views

UBUNTU-CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/22 2:31 a.m.9 views

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS5.8AI score0.00313EPSS
Exploits0
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS6AI score0.00313EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42717

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An incorrectly placed cast from bytes to int in the AES-GCM packet decoder allows for a server-side panic when processing well-crafted inputs. A server-side pani...

9.8CVSS5.8AI score0.00359EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an error in the conversion between bytes and integers. This vulnerability may cause ...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References5
Rows per page
Query Builder