Lucene search
K

3599 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago9 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3250a4b69ccce49128d2e75ffb9e577746de4fb3afe0e0d242fbe5d094d02d The package presents itself as a.env loader but on load/config spawns a background thread that, after a 72–96 hour activation delay jittered by...

6.2AI score
Exploits0References6
NVD
NVD
added 5 days ago4 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS0.00256EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS6AI score0.00475EPSS
Exploits0References6
Fedora
Fedora
added 6 days ago10 views

[SECURITY] Fedora 43 Update: rust-jiter-0.16.0-1.fc43

Fast Iterable JSON parser...

5.9AI score
Exploits0
Fedora
Fedora
added 6 days ago13 views

[SECURITY] Fedora 44 Update: python-jiter-0.16.0-1.fc44

Fast iterable JSON parser...

5.9AI score
Exploits0
RedHat Linux
RedHat Linux
added last week5 views

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 8:46 a.m.5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 security and extras update

Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

7.5CVSS6AI score0.00475EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS0.00423EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:39 p.m.9 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/02 8:39 p.m.7 views

EUVD-2026-41438

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:38 p.m.5 views

Improper Authentication

Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...

9.4CVSS6AI score0.00423EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57683 WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability

Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...

9.3CVSS0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55313

Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...

9.4CVSS6AI score0.00423EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 12:0 a.m.6 views

CVE-2026-38142

An unauthenticated command injection vulnerability in the /goform/fastsettinginternetset endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 12:0 a.m.11 views

CVE-2026-38142

CVE-2026-38142 describes an unauthenticated command-injection in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05, exploitable by injecting crafted payload into the mac parameter. The NVD/CVE listings confirm the vulnerability, with a CVSS 3.1 base score of 6.5 (Network, ...

6.5CVSS6.1AI score0.00685EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 7:44 a.m.3 views

Security Bulletin: IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338.

Summary IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42338...

8.1CVSS5.5AI score0.00471EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/06/30 7:39 a.m.9 views

ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS5.9AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/30 7:39 a.m.11 views

ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root

Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...

6.1CVSS5.8AI score0.00238EPSS
Exploits1
Rows per page
Query Builder