Lucene search
K

648740 matches found

Github Security Blog
Github Security Blog
added 1 hour ago4 views

DSpace: ORE resource URI does not validate scheme for non-web resources

Overview When ingesting an aggregated ORE resource by URI using the OAI-ORE Harvester, the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via malicious paths like file:///etc/passwd. This vulnerability impacts DSpace versions = 7.6.6, 8.0 = 8.3,...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago2 views

DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path

Overview The Curation Task feature allows an output path to be used by the reporter -r parameter, typically used to stream results and status of curation task operations. It is not restricted to any particular base path, meaning that any path writable by the DSpace often 'tomcat' user is allowed...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 1 hour ago2 views

Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE

Summary Nuclio controller builds a curl invocation string for each cron trigger and stores it as the args of a Kubernetes CronJob container /bin/sh, -c, . Two fields in the trigger specification flow into this string without adequate sanitization: - event.headers keys — interpolated verbatim insi...

6.4AI score
Exploits0References4Affected Software1
NVD
NVD
added 5 hours ago5 views

CVE-2026-59882

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS
Exploits0References4
Microsoft Secure
Microsoft Secure
added 5 hours ago4 views

Protecting Microsoft at AI speed: How SFI proactively hardens our cloud

AI models have reached a threshold where they exhibit expert-level capabilities in vulnerability discovery, exploit chaining, and proof-of-concept generation. As AI-powered vulnerability discovery matures, every organization that builds or runs software at scale needs continuous proactive...

6.2AI score
Exploits0
Mageia
Mageia
added 5 hours ago3 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

6CVSS7.3AI score0.00521EPSS
Exploits0References4
NVD
NVD
added 6 hours ago4 views

CVE-2026-14966

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS
Exploits0References1
CVE
CVE
added 6 hours ago6 views

CVE-2026-59882

The CVE affects guzzlehttp/psr7 (PSR-7 HTTP message library for PHP). Prior to version 2.12.3, Uri::assertValidHost() fails to reject authority delimiters, embedded ports, or malformed IPv6 brackets in host components, causing Uri::getHost() to disagree with the URI authority used for security or...

4.2CVSS6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-59882

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-42319

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS6AI score
Exploits0References4
Debian CVE
Debian CVE
added 6 hours ago3 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.9AI score
Exploits0
Debian CVE
Debian CVE
added 6 hours ago3 views

CVE-2026-39822

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

6AI score
Exploits0
RedHat Linux
RedHat Linux
added 6 hours ago3 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.003EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 7 hours ago2 views

kernel: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is established and then, the sco socket is releasing, timeoutwork will be scheduled to judge whether the sco disconnection is timeout. The sock...

7.8CVSS6.3AI score0.00757EPSS
Exploits1References5
NVD
NVD
added 7 hours ago5 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 7 hours ago2 views

CVE-2026-14966

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder