Lucene search
+L

365 matches found

osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-502 PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict...

9.8CVSS6.6AI score0.00691EPSS
Exploits1References9
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-286 asyncmy is vulnerable to SQL injection via crafted dict keys

SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...

9.8CVSS6.1AI score0.00373EPSS
Exploits0References5
osv
osv
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2646 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was detected in Assi...

4.8CVSS4.8AI score0.00118EPSS
Exploits0References3
nessus
nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2260)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
nessus
nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-2109)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 12:16 a.m.15 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS0.00192EPSS
Exploits0References5
osv
osv
added 2026/05/31 11:16 p.m.9 views

DEBIAN-CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References1
cve
cve
added 2026/05/31 11:15 p.m.26 views

CVE-2026-10202

CVE-2026-10202 affects OFCMS 1.1.3. The vulnerability resides in the JSON Query Interface, specifically the function Query in SystemDictController.java, enabling SQL injection. The issue can be triggered remotely and a public exploit is available. Documents do not provide a remediation or patched...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/31 11:15 p.m.9 views

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/05/31 10:30 p.m.10 views

CVE-2026-10199

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References9
cve
cve
added 2026/05/31 10:30 p.m.60 views

CVE-2026-10199

CVE-2026-10199 affects Assimp up to 6.0.4 in glTF2Asset.h: the glTF2::LazyDict function exposed by operator[] manipulation can cause a null pointer dereference. The issue is exploitable locally, with a proof-of-concept in the public domain. A patch is available (patch hash d24b85319bd70c65883a2b9...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References9
github
github
added 2026/05/28 9:32 p.m.3 views

OpenStack Keystone has an Authorization Bypass

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS5.9AI score0.00329EPSS
Exploits1References8Affected Software1
osv
osv
added 2026/05/28 12:0 a.m.1 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6.1AI score0.00329EPSS
Exploits1References7
osv
osv
added 2026/05/26 8:31 p.m.19 views

USN-8063-2 protobuf vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Poppler

In Poppler 0.72.0, a vulnerability exists in the dictLookup assertion that allows attackers to cause a denial of service due to the lack of a check for the dict data type. This vulnerability is demonstrated through the use of the FileSpec class in FileSpec.cc in the pdfdetach function...

6.5CVSS6.7AI score0.02682EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Poppler

In Poppler 0.74.0, the PDFDoc::markObject method in PDFDoc.cc mishandles dict marking, resulting in stack consumption in the Dict::find function located in Dict.cc. This issue can be triggered by passing a malicious PDF file to the pdfunite binary...

6.5CVSS6.7AI score0.02251EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/05/15 7:57 p.m.10 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

8.8CVSS6.3AI score0.00559EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

0.00559EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 12:0 a.m.8 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

6.3AI score0.00559EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

OptiMate 安全漏洞

OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which loads the statedict.pt file using torch.load, without enabling the weightsonly=Tru...

8.8CVSS6.2AI score0.00559EPSS
Exploits0References2
Rows per page
Query Builder