Lucene search
K

964 matches found

NVD
NVD
added yesterday2 views

CVE-2026-50686

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-50686

CVE-2026-50686 is a Windows OLE remote code execution vulnerability caused by a type confusion in resource access. It enables network-exposed code execution without authentication and is documented with CVSS v3.1 base score 8.1 (High). Public references identify the affected area as Windows OLE, ...

8.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability

...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50344

CVE-2026-50344 corresponds to an Windows OLE elevation-of-privilege vulnerability. Description from sources: “Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.” Exploitation details are not provided beyond that this is a local privilege escalation ...

7.8CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability

...

7.8CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday4 views

Windows OLE Elevation of Privilege Vulnerability

Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0
Microsoft CVE
Microsoft CVE
added yesterday5 views

Windows OLE Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS6.2AI score
Exploits0
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58332

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Improper authorization in Windows OLE Object Linking and Embedding, a framework that allows embedding documents and other objects in one application within another application allows an...

7.8CVSS6.1AI score
Exploits0References3
NVD
NVD
added 5 days ago4 views

CVE-2026-55405

LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, the MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys, and in MariaDB string values, directly int...

7.6CVSS0.00348EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 9:16 a.m.7 views

CVE-2026-13128

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 7:49 p.m.11 views

CVE-2026-54234

CVE-2026-54234 affects vLLM prior to version 0.24.0. A frontend multi-request speculative decoding path could cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which becomes negative one when the next live token is selected. This out-of-vo...

7.5CVSS6AI score0.00343EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/30 11:34 a.m.3 views

OPENSUSE-SU-2026:21180-1 Security update for mupdf

This update for mupdf fixes the following issues: Changes in mupdf: - Build and ship MuPDF as a shared library make shared=yes instead of static-only: New subpackage libmupdf272 carries libmupdf.so.27.2 the SONAME tracks the upstream minor.patch version. Replaced the static-only mupdf-devel-stati...

7.5CVSS6AI score0.00477EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.7 views

CVE-2026-56340

A flaw was found in vLLM. This vulnerability allows a remote attacker to trigger crashes or resource exhaustion, leading to a denial of service DoS. By submitting specially crafted embedding requests with malformed tensor indices, when the prompt-embeds feature is enabled, an attacker could also...

8.8CVSS6.1AI score0.00352EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.30 views

CVE-2026-53025 greybus: raw: fix use-after-free on cdev close

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free on cdev close This addresses a use-after-free bug when a raw bundle is disconnected but its chardev is still opened by an application. When the application releases the cdev, it causes the followi...

7.8CVSS0.00129EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 6:27 p.m.12 views

EUVD-2026-38129

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS6.1AI score0.00849EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:39 p.m.15 views

LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

Summary The MariaDB and pgvector embedding stores build metadata-filter SQL by string-concatenating filter keys and, in MariaDB, string values directly into the query without adequate escaping. A crafted metadata key in EmbeddingSearchRequest.filter can break out of its SQL context and inject...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/06/17 6:39 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the EmbeddingSearchRequest.filter process. An attacker can access sensitive data, modify or delete database records, or cause denial of service by injecting crafted input into metadata filter keys or values, which are...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:39 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the EmbeddingSearchRequest.filter process. An attacker can access sensitive data, modify or delete database records, or cause denial of service by injecting crafted input into metadata filter keys or values, which are...

7.6CVSS5.8AI score0.00348EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 5:35 p.m.6 views

GHSA-79PH-745M-6WXQ Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without proper sanitization or containment checks. An authenticated attacker can exploit this flaw...

6.5CVSS5.5AI score0.00313EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.36 views

PT-2026-50141

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow contains a path traversal flaw in the Knowledge Bases API endpoint 'POST /api/v1/knowledge bases'. The issue resides in the create knowledge base function, where the name variable is used t...

6.5CVSS6AI score0.00313EPSS
Exploits1References12
Rows per page
Query Builder