Lucene search
K

659 matches found

CVE
CVE
added 1 hour ago7 views

CVE-2026-55723

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-55212

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the objects permission instead of the classes permission,...

7.1CVSS0.00199EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-55212

Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the objects permission instead of the classes permission,...

7.1CVSS6AI score0.00199EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59928

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...

7.5CVSS6AI score0.00366EPSS
Exploits1References6
NVD
NVD
added last week9 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS0.00366EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59928 Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS6.1AI score0.00366EPSS
Exploits1References5
Cvelist
Cvelist
added last week39 views

CVE-2026-59928 Mistune block_parser: quadratic-time parsing on long lists of repeated reference-link definitions

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS0.00366EPSS
Exploits1References3
CVE
CVE
added last week15 views

CVE-2026-59928

Mistune (Python Markdown parser) prior to version 3.3.0 is vulnerable to a denial of service due to quadratic work in the block_parser.py processing of long references and in the ref_links environment dictionary. The issue arises when a Markdown document contains many repeated or distinct referen...

7.5CVSS6AI score0.00366EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 2:36 p.m.12 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.4 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.3 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-461 PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

9.6CVSS6.2AI score0.00419EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.11 views

CVE-2026-54269

A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/25 5:20 a.m.8 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...

4.9CVSS5.8AI score0.00437EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi/ accepts previously used values. Writing a value to /smack/doi that has ever been written there in the past disables networking for non-ambient labels. For example: bash cat /smack/doi 3 netlabelctl -p cipso lis...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 1:16 p.m.11 views

CVE-2026-56370

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

7.8CVSS0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.18 views

CVE-2026-56370

ImageMagick: CVE-2026-56370 is an out-of-bounds access vuln in ConnectedComponentsImage() when handling malformed connected-components artifacts, affecting ImageMagick before version 7.1.2-19. An invalid indices scenario via CLI can trigger access violations, potentially causing denial of service...

7.8CVSS6AI score0.00121EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 11:53 a.m.14 views

EUVD-2026-38756

ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage when processing connected-components artifacts with invalid indices. Attackers can trigger access violations by specifying malformed connected-components definitions via CLI, causing denial of...

4.8CVSS6AI score0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:7 a.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS6AI score0.00567EPSS
Exploits0References2
Rows per page
Query Builder