2474 matches found

Positive Technologies
added 2026/06/01 12:0 a.m., 12 views

PT-2026-45370

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2
Description: A bug in the Variable response masker allows the bypass of nested-key redaction when the nesting depth of a JSON value exceeds the recursion limit of the shared secrets masker. This occurs wit...

CVSS 6.5 | AI score 5.8 | EPSS 0.00335
Exploits 0 | References 5
SUSE CVE
added 2026/05/30 2:8 a.m., 18 views

SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

CVSS 8.6 | AI score 6.5 | EPSS 0.01272
Exploits 0 | References 11
Positive Technologies
added 2026/05/30 12:0 a.m., 17 views

PT-2026-45077

Name of the Vulnerable Software and Affected Versions: Traccar Client versions prior to 9.7.20
Description: The application registers a custom org.traccar.client://config deep-link scheme that allows the silent modification of persistent configuration settings without user confirmation or...

CVSS 9.3 | AI score 5.3 | EPSS 0.00323
Exploits 0 | References 6
RedhatCVE
added 2026/05/29 8:13 p.m., 15 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 1
SUSE CVE
added 2026/05/29 1:20 a.m., 13 views

SUSE CVE-2026-42328

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

CVSS 6.2 | AI score 5.9 | EPSS 0.0012
Exploits 0 | References 3
OSV
added 2026/05/28 7:18 p.m., 8 views

GHSA-G23J-2VWM-5C25 local-deep-research has an SSRF bypass in `safe_get`

Summary: The URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.
Details: The current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

CVSS 5 | AI score 5.9 | EPSS 0.00247
Exploits 0 | References 8
NVD
added 2026/05/28 7:16 p.m., 18 views

CVE-2026-46526

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVSS 5 | EPSS 0.00247
Exploits 0 | References 6
ATTACKERKB
added 2026/05/28 5:59 p.m., 10 views

CVE-2026-43979

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

CVSS 5 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 4 | Affected Software 1
CVE
added 2026/05/28 5:58 p.m., 35 views

CVE-2026-46526

CVE-2026-46526 concerns Local Deep Research. Before version 1.6.10, the URL validation flow had a logical flaw that could bypass SSRF protections because parsing differed between urlparse and the HTTP request library. The code first runs SSRF checks via validate_url and then uses requests.get to ...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 6
EUVD
added 2026/05/28 5:58 p.m., 12 views

EUVD-2026-32977

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 6
Cvelist
added 2026/05/28 5:58 p.m., 32 views

CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVSS 5 | EPSS 0.00247
Exploits 0 | References 6
Vulnrichment
added 2026/05/28 5:58 p.m., 11 views

CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get`

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validateurl to validate the input URL. The...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 6
EUVD
added 2026/05/28 5:52 p.m., 10 views

EUVD-2026-32976

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3...

CVSS 8.2 | AI score 5.8 | EPSS 0.00316
Exploits 0 | References 1
Positive Technologies
added 2026/05/28 12:0 a.m., 18 views

PT-2026-44472

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.10, the URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. The current project uses validate url to validate the input URL. Th...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 7
CNNVD
added 2026/05/28 12:0 a.m., 12 views

Local Deep Research code issue vulnerability

Local Deep Research is an AI search assistant developed by LearningCircuit. Versions of Local Deep Research prior to 1.6.10 contained code vulnerabilities. These vulnerabilities stemmed from defects in the URL checking logic, which could be exploited by attackers, leading to SSRF attacks...

CVSS 5 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 7
CNNVD
added 2026/05/28 12:0 a.m., 10 views

Local Deep Research security vulnerability

Local Deep Research is an AI search assistant developed by LearningCircuit. Versions prior to 1.6.0 of Local Deep Research contained a security vulnerability. This vulnerability stemmed from PDFService.markdowntohtml not properly escaping user-controlled values, allowing authentication attackers ...

CVSS 5 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 3
Amazon
added 2026/05/26 12:0 a.m., 18 views

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

CVSS 10 | AI score 6.6 | EPSS 0.01272
Exploits 0
vulnersOsv
added 2026/05/25 7:33 a.m., 6 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2651 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2651 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16874026...

CVSS 9 | AI score 7.7 | EPSS 0.00345
Exploits 1
OSV
added 2026/05/23 11:2 a.m., 6 views

CLSA-2026-1779534149 unbound: Fix of CVE-2026-33278

CVE-2026-33278: use-after-free in DNSSEC validator dnsmsgdeepcopyregion during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote the destination's freshly-allocated rrsets pointer with the source's pointer, leaving a dangling pointer dereferenced after the source region was freed...

CVSS 10 | AI score 6.4 | EPSS 0.01272
Exploits 0 | References 1
OSV
added 2026/05/22 1:21 p.m., 8 views

OESA-2026-2427 jq security update

jq is a lightweight and flexible command-line JSON processor. You can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. It can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

CVSS 7.3 | AI score 6 | EPSS 0.00161
Exploits 7 | References 8