Lucene search
K

416 matches found

OSV
OSV
added yesterday4 views

BIT-SETUPTOOLS-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in multer-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb45c09aa7a237b2b9ff18ccf6426b76a4f46e5ea665c7747f35a345940e161 multer-orm is a typosquat of the widely used multer middleware. Its README is copied from multer, but the package adds a load-time dropper in...

6.7AI score
Exploits0References6
Cvelist
Cvelist
added last week35 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.0029EPSS
Exploits1References3
OSV
OSV
added last week4 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56503

Name of the Vulnerable Software and Affected Versions setuptools versions prior to 83.0.0 Description setuptools is a package used to download, build, install, upgrade, and uninstall Python packages. The FileList component fails to perform Unicode normalization when matching compiled glob pattern...

6.1CVSS6.1AI score0.0029EPSS
Exploits1References8
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

5.5CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 4:28 p.m.22 views

CVE-2026-52973

Summary: CVE-2026-52973 relates to the Linux kernel futex subsystem. The issue arises from dropping the CLONE_THREAD requirement for private default futex hash allocation, because the function need_futex_hash_allocate_default() relied on strict pthread semantics. This misinteraction with CLONE_TH...

7.8CVSS5.7AI score0.00128EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/24 3:42 p.m.2 views

CVE-2026-54905 concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

2CVSS5.9AI score0.00106EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 3:42 p.m.38 views

CVE-2026-54905

CVE-2026-54905 affects the concurrent-ruby library, specifically Concurrent::ReentrantReadWriteLock. Before version 1.3.7, after a thread acquires the read lock 32,768 times, the local read count overflows into the WRITE_LOCK_HELD bit, causing try_write_lock to treat the thread as if it holds a w...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 12:39 p.m.3 views

CVE-2026-56447 MISP remote code execution via arbitrary rdkafka configuration path

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS6.5AI score0.00342EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51311

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An authenticated site administrator can set the Kafka rdkafka config setting to an arbitrary filesystem path. The system parses the referenced INI file and passes its options to rdkafka. By usin...

9.3CVSS6.3AI score0.00342EPSS
Exploits0References7
OSV
OSV
added 2026/06/19 8:47 p.m.7 views

GHSA-WV3X-4VXV-WHPP Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

2CVSS5.9AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.7 views

Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51121

Name of the Vulnerable Software and Affected Versions SpiceDB versions prior to 1.54.0 Description Under concurrency, the CheckPermission and CheckBulkPermissions functions can incorrectly return PERMISSIONSHIP HAS PERMISSION instead of PERMISSIONSHIP CONDITIONAL PERMISSION for a specific resourc...

3.7CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51091

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after a single thread acquires the read lock 32,768 times. The lock manages a thread's local read and write hold counts...

5.5CVSS5.9AI score0.00106EPSS
Exploits0References8
RubySec
RubySec
added 2026/06/19 12:0 a.m.5 views

Concurrent Ruby - `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 2:15 p.m.10 views

EUVD-2026-36444

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS5.2AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 1:15 p.m.8 views

JLSEC-2026-582 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion...

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8CVSS7.2AI score0.00324EPSS
Exploits3References4
Debian CVE
Debian CVE
added 2026/05/28 9:35 a.m.10 views

CVE-2026-46106

In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfsmutex and SRCU when remount walks events Commit 340f0c7067a9 "eventfs: Update all the eventfsinodes from the events descriptor" had eventfssetattrs recurse through ei-children on remount. The walk only holds...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iocost: Fixed the issue of dividing by zero when calculating donations from cgroups with an active hweight of less than 2. The donation calculation logic assumes that the donor will have a non-zero hweight after the donation...

5.5CVSS5.9AI score0.0025EPSS
Exploits0References2
Rows per page
Query Builder