Lucene search
K

955 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application developed by Synology, a Chinese company. It provides intelligent monitoring and video management tools to protect your valuable assets. There are security vulnerabilities in versions of Synology Surveillance Station prior to 9.2.2.2-11575 and...

4.9CVSS5.8AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43600

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a no...

7.1CVSS6AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44137

Description Symfony Mailer selects a transport via the MAILER DSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...

8.6CVSS5.8AI score0.00062EPSS
Exploits0References7
CBLMariner
CBLMariner
added 2026/05/23 3:30 p.m.15 views

CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15

CVE-2025-51480 affecting package pytorch for versions less than 2.2.2-15. A patched version of the package is available...

8.8CVSS7.3AI score0.00578EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/19 7:17 p.m.9 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 6:28 p.m.14 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

7.1CVSS7AI score0.00308EPSS
Exploits0References7
OSV
OSV
added 2026/05/18 9:29 a.m.16 views

CLSA-2026-1779096552 Fix CVE(s): CVE-2025-13836, CVE-2026-4519

SECURITY UPDATE: memory denial of service via attacker-controlled Content-Length in http.client - debian/patches/CVE-2025-13836.patch: rewrite Lib/http/client.py saferead to read large responses in geometrically-growing chunks bounded by MINREADBUFSIZE 1 MiB, preventing OOM when a malicious serve...

7.5CVSS5.8AI score0.01525EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.39 views

CVE-2026-44664

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS0.00194EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:27 p.m.7 views

CVE-2026-44664

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/05/11 2:28 p.m.15 views

External Control of File Name or Path

Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

7.1CVSS6AI score0.00345EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

FreeBSD : dash -- arith: INTMAX_MIN / -1 overflow (ab2258a2-4cea-11f1-aec8-bc241107513d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ab2258a2-4cea-11f1-aec8-bc241107513d advisory. https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

9.1CVSS6.9AI score0.00621EPSS
Exploits1References31
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.9 views

CVE-2026-40386 affecting package libexif for versions less than 0.6.24-3

CVE-2026-40386 affecting package libexif for versions less than 0.6.24-3. A patched version of the package is available...

7.1CVSS5.8AI score0.0014EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 6:31 p.m.13 views

EUVD-2026-28802

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, aseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References7
OSV
OSV
added 2026/05/08 6:31 p.m.7 views

GHSA-3RF6-X59V-5JFV dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
vulnersOsv
vulnersOsv
added 2026/05/08 6:31 p.m.8 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: OSV:GHSA-3RF6-X59V-5JFV...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.10 views

dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/08 6:28 p.m.10 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: SNYK:PYTHON-DASHUPLOADER-16635838...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Snyk
Snyk
added 2026/05/08 6:28 p.m.7 views

Directory Traversal

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied input in the gettemproot and post functions. An attacker can gain unauthorized access to files and execute arbitrary...

9.8CVSS6.5AI score0.05982EPSS
Exploits4References2
NVD
NVD
added 2026/05/08 5:16 p.m.14 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS0.05982EPSS
Exploits4References8
Rows per page
Query Builder