Lucene search
K

954 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-374 LangChain Experimental Eval Injection vulnerability

langchainexperimental aka LangChain Experimental 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify which uses eval in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 2023-10-05...

9.8CVSS6.1AI score0.01387EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution

langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...

9.8CVSS7.7AI score0.00766EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/25 5:18 a.m.10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...

9.1CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/18 9:49 a.m.4 views

BIT-MASTODON-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.5AI score0.00167EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-32967

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 4:54 p.m.10 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 12:58 p.m.51 views

CVE-2026-47200

Nuxt CVE-2026-47200 affects Nuxt 3.11.0–3.21.5 and 4.0.0-alpha.1–4.4.5 with experimental.componentIslands enabled. Server islands under /_nuxt_island/page * for .server.vue pages could bypass route middleware, exposing server-rendered content without Vue Router middleware running. Patch applied i...

6.3CVSS5.2AI score0.0023EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/06/12 12:58 p.m.13 views

CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.4AI score0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.16 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References1
NVD
NVD
added 2026/05/30 10:16 a.m.20 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS0.00593EPSS
Exploits1References12
EUVD
EUVD
added 2026/05/30 9:29 a.m.20 views

EUVD-2026-33455

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/05/30 9:29 a.m.9 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.11 views

CVE-2026-7459

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.19 views

PT-2026-45088

Name of the Vulnerable Software and Affected Versions Simple History versions prior to 5.26.1 Description The Simple History plugin for WordPress allows authenticated users with Subscriber-level permissions or higher to take over accounts. The issue exists in the event reaction endpoints...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References18
OSV
OSV
added 2026/05/29 5:15 p.m.10 views

GHSA-HG3F-28RG-4JXJ Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

6.3CVSS5.9AI score0.0023EPSS
Exploits1References5
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.16 views

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References8
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32218

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

5.8AI score0.00121EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 2:17 p.m.12 views

UBUNTU-CVE-2026-45934

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in btrfscreatependingblockgroups. The following is a sample stack trace of such an abo...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder