Lucene search
+L

69 matches found

redhatcve
redhatcve
added 2026/06/05 7:29 p.m.15 views

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

6.1CVSS5.9AI score0.0018EPSS
Exploits0References1
veracode
veracode
added 2026/05/23 6:7 a.m.20 views

Directory Traversal

Python Liquid is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of absolute file paths in the FileSystemLoader and CachingFileSystemLoader, which allows a malicious template author to load and render arbitrary files outside the configured search paths using...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/05/22 7:28 p.m.167 views

CVE-2026-5843

The CVE describes a vulnerability in Docker Model Runner (macOS) where the MLX-LM backend unconditionally imports and executes arbitrary Python files specified by model_file in a model's config.json via importlib, without a trust_remote_code gate or sandboxing. This enables container-to-host arbi...

8.8CVSS6.4AI score0.00224EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/20 5:47 p.m.14 views

CVE-2026-24217

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

8.8CVSS5.8AI score0.00764EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fixed the memory leak in the elf header buffer. This issue was reported by the kmemleak detector: Unreferenced object 0xffffc900002a9000 size 4096: comm “kexec”, pid 14950, jiffies 4295110793 age 373.951s Hex dump firs...

5.5CVSS6.4AI score0.0027EPSS
Exploits0References2
hackerone
hackerone
added 2026/05/13 10:12 p.m.32 views

curl: HSTS multi-trailing-dot bypass-ish: possible incomplete fix for CVE-2022-30115

Hi all, Honestly, I'm not completely certain about this issue, but I think the CVE-2022-30115 fix "HSTS bypass via trailing dot" is incomplete: the same asymmetry exists for hostnames with two or more trailing dots, so http://example.com../ still gets sent in plaintext when there's a valid HSTS...

4.3CVSS6.8AI score0.01118EPSS
Exploits1
susecve
susecve
added 2026/05/13 3:37 a.m.14 views

SUSE CVE-2026-41256

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS5.9AI score0.00158EPSS
Exploits1References3
osv
osv
added 2026/05/11 5:18 p.m.2 views

CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f

jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...

5.5CVSS6AI score0.00158EPSS
Exploits1References3
veracode
veracode
added 2026/04/16 8:59 a.m.13 views

Path Traversal

LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the top-level file loads not enforcing the boundary set by the configured root, where a Liquid instance configured with an empty temporary directory as root can return the contents of arbitrary files and attackers can exploit...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References4Affected Software1
zdi
zdi
added 2026/04/15 12:0 a.m.10 views

Malwarebytes Anti-Malware Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Anti-Malware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS6.1AI score
Exploits0
vulnrichment
vulnrichment
added 2026/02/18 1:57 p.m.4 views

CVE-2025-33253

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

7.8CVSS6.5AI score0.00187EPSS
Exploits0References3
susecve
susecve
added 2026/01/16 12:26 a.m.6 views

SUSE CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

5.5CVSS6.5AI score0.00102EPSS
Exploits0References3
nvd
nvd
added 2026/01/14 3:16 p.m.6 views

CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

5.5CVSS0.00102EPSS
Exploits0References2
cve
cve
added 2025/12/14 10:48 p.m.12 views

CVE-2025-67900

NXLog Agent before 6.11 is affected by a vulnerability where the process can load a file specified by the OPENSSL_CONF environment variable. This allows manipulation of the OpenSSL configuration, with potential impact on cryptographic operations. Affected product: NXLog Agent; vulnerable version(...

8.1CVSS6.5AI score0.00106EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/12/14 12:0 a.m.18 views

PT-2025-51178

Name of the Vulnerable Software and Affected Versions NXLog Agent versions prior to 6.11 Description NXLog Agent versions before 6.11 are susceptible to a local issue that allows attackers to manipulate the OpenSSL configuration. The issue involves the loading of a file specified by the OPENSSL...

8.1CVSS6.1AI score0.00106EPSS
Exploits0References3
githubexploit
githubexploit
added 2025/12/13 3:49 p.m.148 views

MicrosoftAmplifierPoC

Microsoft Amplifier RCE PoC Proof of concept demonstrating re...

8.2AI score
Exploits0
osv
osv
added 2025/10/22 4:45 p.m.4 views

GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization

Summary An unsafe deserialization vulnerability in Scapy Internally, this triggers: python main.py SESSION = pickle.loadgzip.opensessionname, "rb" Since no validation or restriction is performed on the deserialized object, any code embedded via reduce will be executed immediately. This makes it...

5.4CVSS6.2AI score
Exploits0References3
cve
cve
added 2025/10/17 3:20 p.m.47 views

CVE-2025-49655

CVE-2025-49655 affects the Keras framework with deserialization of untrusted data in versions 3.11.0 up to, but not including, 3.11.3. A maliciously uploaded Keras file containing a TorchModuleWrapper class can execute arbitrary code on an end user’s system when loaded, even if safe mode is enabl...

9.8CVSS7AI score0.00699EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-4583

Malware in sbrugna...

6.1CVSS6.7AI score0.01673EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-1374

Malware in sbrugna...

9.3CVSS6.4AI score0.03628EPSS
Exploits0References6
Rows per page
Query Builder