Lucene search
K

29728 matches found

Snyk
Snyk
added 2026/01/19 9:46 p.m.4 views

Eval Injection

Overview Affected versions of this package are vulnerable to Eval Injection via the resourceurlproxy function. An attacker can execute arbitrary system commands by supplying crafted input to the enginename attribute, which is evaluated within the application context. PoC require 'ostruct' def...

9.9CVSS6AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/01/19 9:9 p.m.7 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS6.1AI score0.00426EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2026/01/19 11:14 a.m.5 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: MFSA 2026-05 bsc1256340: CVE-2026-0877: Mitigation bypass in the DOM in Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics in CanvasWebGL component CVE-2026-0879: Sandbox escape due t...

6.1CVSS5.6AI score0.0057EPSS
Exploits0References28
OSV
OSV
added 2026/01/19 11:14 a.m.4 views

SUSE-SU-2026:0153-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: MFSA 2026-05 bsc1256340: - CVE-2026-0877: Mitigation bypass in the DOM in Security component - CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics in CanvasWebGL component - CVE-2026-0879: Sandbox escape...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2026/01/19 9:30 a.m.10 views

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/19 9:30 a.m.4 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00744EPSS
Exploits0References5
OSV
OSV
added 2026/01/19 9:16 a.m.5 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/01/19 8:36 a.m.19 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

0.00744EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/19 8:36 a.m.2 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

5.5AI score0.00744EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/19 4:0 a.m.4 views

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via syncfile or dmabuf, causing fence release operations to acces...

7.8CVSS7.2AI score0.00156EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.14 views

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

In this paper, the authors present StackWarp, a software-based architectural attack exploiting the stack engine on AMD Zen CPUs to modify the stack pointer within an SEV-SNP guest, fully breaking integrity...

5.4AI score
Exploits0
CNVD
CNVD
added 2026/01/19 12:0 a.m.0 views

Mozilla Firefox and Mozilla Firefox ESR code execution vulnerability (CNVD-2026-11799)

Mozilla Firefox is an open source web browser from the Mozilla Foundation, USA.Mozilla Firefox ESR is an extended support version of Firefox web browser from the Mozilla Foundation, USA. A code execution vulnerability exists in Mozilla Firefox and Mozilla Firefox ESR due to a use-after-release in...

9.8CVSS6.6AI score0.00423EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/18 11:48 p.m.3 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the export process. An attacker with export permissions can access sensitive information, including environment variables, user password hashes, serialized sessio...

8.2CVSS5.8AI score0.00389EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/18 12:0 a.m.4 views

Flow code issues and vulnerabilities

Flow is a free and open-source enterprise-level process application developed by FlowwJ, a Chinese developer. It combines technologies such as Flowable to create an integrated process engine solution. There are code issues and vulnerabilities in Flow; these vulnerabilities stem from incorrect...

6.5CVSS6.7AI score0.00224EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/18 12:0 a.m.4 views

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20054-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20054-1 advisory. Changes in chromium: - Chromium 144.0.7559.59 boo1256614 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate...

9.8CVSS5.4AI score0.00382EPSS
Exploits0References21
Microsoft CVE
Microsoft CVE
added 2026/01/17 4:8 a.m.12 views

Chromium: CVE-2026-0902 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.4AI score0.00258EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/01/17 4:8 a.m.15 views

Chromium: CVE-2026-0899 Out of bounds memory access in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS6.4AI score0.00382EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/16 11:31 p.m.4 views

CVE-2026-1010

A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...

8CVSS5.8AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 9:33 p.m.18 views

CVE-2026-21906

An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode...

8.7CVSS7AI score0.00497EPSS
Exploits0References1
Fedora
Fedora
added 2026/01/16 5:43 p.m.8 views

[SECURITY] Fedora 43 Update: harfbuzz-11.5.1-2.fc43

HarfBuzz is an implementation of the OpenType Layout engine...

5.3CVSS7AI score0.00377EPSS
Exploits1
Rows per page
Query Builder