2562 matches found

RedHat Linux
added 2026/05/12 11:31 p.m. | 12 views

freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId

A heap-based buffer overflow flaw has been discovered in FreeRDP. This client-side heap out-of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER Rev1 with cacheId equal to maxCells,...

CVSS 8.2 | AI score 6.3 | EPSS 0.00309
Exploits: 1 | References: 6
OSV
added 2026/05/12 7:43 a.m. | 11 views

MAL-2026-3687 Malicious code in crazehub (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector 53d37c0e75f63e9da7adcc1f71f8b67a665d080342df6857a15dadc297e4f075 crazehub/__init__.py performs multiple user-hostile actions at import time. Lines 2-3 unconditionally run os.system("pip install phonenumbers") and...

AI score 6
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/12 12:00 a.m. | 8 views

Adobe Illustrator < 29.8.7 / 30.0 < 30.4 Multiple Vulnerabilities (APSB26-51)

The version of Adobe Illustrator installed on the remote Windows host is prior to 29.8.7 or 30.4. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-51 advisory. - Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerabilit...

CVSS 7.8 | AI score 6.4 | EPSS 0.00174
Exploits: 0 | References: 5
CVE
added 2026/05/12 12:00 a.m. | 19 views

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions that are executed with an unsafe exec() call without sanitization or sandboxing, enabling arbitrary code execution on a victim's sys...

CVSS 9.8 | AI score 6.3 | EPSS 0.00327
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/11 10:11 a.m. | 9 views

glib: GLib: Buffer underflow in GVariant parser leads to heap corruption

A flaw was found in GLib (the GNOME library). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution, via a buffer underflow in the GVariant parser when processing maliciously crafted input strings...

CVSS 9.8 | AI score 6.2 | EPSS 0.00754
Exploits: 0 | References: 5
Tenable Nessus
added 2026/05/11 12:00 a.m. | 8 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : opam vulnerability (USN-8256-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8256-1 advisory. Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An...

CVSS 7.3 | AI score 6.5 | EPSS 0.0018
Exploits: 0 | References: 2
Tenable Nessus
added 2026/05/11 12:00 a.m. | 9 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Swish-e vulnerabilities (USN-8240-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8240-1 advisory. It was discovered that Expat, vendored in Swish-e, incorrectly handled certain files. An...

CVSS 9.8 | AI score 6.1 | EPSS 0.34174
Exploits: 0 | References: 3
OSV
added 2026/05/08 6:31 p.m. | 6 views

GHSA-3RF6-X59V-5JFV dash-uploader has a directory traversal vulnerability

Impact: An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters (uploadid, resumableFilename, resumableIdentifier) from request.form.get and passes the...

CVSS 9.8 | AI score 6 | EPSS 0.05982
Exploits: 4 | References: 8
ATTACKERKB
added 2026/05/08 3:24 p.m. | 7 views

CVE-2026-41690

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify, and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

CVSS 8.6 | AI score 5.9 | EPSS 0.0031
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/05/08 4:16 a.m. | 11 views

CVE-2026-42203

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

CVSS 8.8 | EPSS 0.00373
Exploits: 1 | References: 5
CVE
added 2026/05/08 3:01 a.m. | 14 views

CVE-2026-43941

Electerm CVE-2026-43941 affects version 3.8.15 and earlier. The terminal hyperlink handler forwards any URL clicked in the terminal directly to shell.openExternal without protocol validation. An attacker controlling terminal output (e.g., via a malicious SSH server, compromised remote host, or ma...

CVSS 9.6 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 1 | Affected Software: 1
SUSE CVE
added 2026/05/08 2:42 a.m. | 9 views

SUSE CVE-2014-2027

eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csvimport.php, (3) cal_fields or (4) trans parameter to calendar/csvimport.php, (5)...

CVSS 7.5 | AI score 6.2 | EPSS 0.04079
Exploits: 1 | References: 3
Tenable Nessus
added 2026/05/08 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these coul...

CVSS 8.1 | AI score 6 | EPSS 0.00323
Exploits: 0 | References: 2
RedHat Linux
added 2026/05/07 5:29 p.m. | 7 views

pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image

A flaw was found in the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure...

CVSS 8.6 | AI score 7.8 | EPSS 0.00367
Exploits: 1 | References: 6
Cvelist
added 2026/05/07 1:53 p.m. | 31 views

CVE-2026-41689 Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services

Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...

CVSS 6 | EPSS 0.00176
Exploits: 0 | References: 1
OSV
added 2026/05/07 3:02 a.m. | 14 views

USN-8241-1 coin3 vulnerabilities

It was discovered that Expat, vendored in Coin3D, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

CVSS 9.8 | AI score 7.1 | EPSS 0.34174
Exploits: 0 | References: 3
Mozilla
added 2026/05/07 12:00 a.m. | 16 views

Security Vulnerabilities fixed in Firefox ESR 140.10.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

CVSS 9.8 | AI score 6 | EPSS 0.00446
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/05/07 12:00 a.m. | 11 views

PT-2026-39181

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

CVSS 7.3 | AI score 6.5 | EPSS 0.0018
Exploits: 0 | References: 3
Tenable Nessus
added 2026/05/06 12:00 a.m. | 13 views

RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests, which could result in CSRF (CVE-2022-20612) -...

CVSS 8.8 | AI score 6 | EPSS 0.02277
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/05 12:00 a.m. | 13 views

PT-2026-37257

Name of the Vulnerable Software and Affected Versions: Kimai versions 2.27.0 through 2.53.x. Description: Users with ROLE_USER privileges can create a tag containing a formula string such as =SUM54+51 via the 'POST /api/tags' endpoint and assign it to a timesheet. The ArrayFormatter.formatValue...

CVSS 6.8 | AI score 5.8 | EPSS 0.0022
Exploits: 1 | References: 8