Lucene search
K

11475 matches found

NVD
NVD
added 2026/03/19 4:16 p.m.11 views

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

8.2CVSS0.00354EPSS
Exploits0References6
OSV
OSV
added 2026/03/19 4:16 p.m.3 views

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/19 4:16 p.m.4 views

UBUNTU-CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

8.2CVSS5.9AI score0.00354EPSS
Exploits0References7
CVE
CVE
added 2026/03/19 3:53 p.m.47 views

CVE-2026-3029

Summary: CVE-2026-3029 affects PyMuPDF 1.26.5. A path traversal in the embedded_get function (in main .py) allows arbitrary file writes. Impact: writing files to arbitrary local locations, potentially with elevated privileges. Status: document set confirms version and file, with remediation guida...

8.2CVSS5.9AI score0.00354EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/19 3:53 p.m.28 views

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

0.00354EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 3:53 p.m.3 views

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

5.9AI score0.00354EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from a stack buffer overflow in the PKCS7 SignedData encoding function. When...

7.1CVSS6AI score0.00101EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.2 views

WordPress Plugin WpEvently Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WpEvently has an information disclosure vulnerability that can be exploited by...

5.3CVSS5.8AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. Versions of wolfSSL prior to 5.8.4 contained a security vulnerability. This vulnerability stemmed from an integer underflow in the AEA...

5.3CVSS6AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26432

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

1.8CVSS5.8AI score0.00296EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 5:53 p.m.20 views

CVE-2026-32633

Glances CVE-2026-32633 affects the Glances browser API in Central Browser mode prior to v4.5.2. The /api/4/serverslist endpoint returns in-memory mutated server objects that can include a uri field with embedded HTTP Basic credentials for downstream Glances servers. If the frontend is started wit...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:53 p.m.2 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/18 5:53 p.m.2 views

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/17 4:45 a.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uclobjectemit function when operating in UCLPARSERZEROCOPY mode and processing input containing a key with an embedded null byte. An attacker can cause a segmentation fault and disrupt service by submitting...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/17 2:28 a.m.33 views

CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS0.00387EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/17 2:28 a.m.4 views

CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3
CVE
CVE
added 2026/03/17 2:28 a.m.64 views

CVE-2026-0708

CVE-2026-0708 (Libucl) describes a denial-of-service in libucl caused by a crafted UCL input containing a key with an embedded null byte. This can trigger a segmentation fault in ucl_object_emit during parsing/emitting, leading to DoS on affected systems. The CVSS base score is 8.3 ( HIGH ) with ...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.22 views

PT-2026-25869

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the ucl object emit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 4:35 p.m.6 views

Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

Summary In Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using t...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/16 2:19 p.m.3 views

CVE-2026-28519

arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap buffer, potentially allowing execution of arbitrar...

8.8CVSS6.5AI score
Exploits0References3
Rows per page
Query Builder