Lucene search
K

6919 matches found

ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-33734

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing...

6.9CVSS6AI score0.00218EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-34038

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models

vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...

7.1CVSS0.0037EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-50135 Hugo: Symlink confinement bypass in resources.Get

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-50134 Hugo: security.http.urls allow-list bypass via HTTP redirects

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

6.3CVSS0.00249EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41901

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
NVD
NVD
added 6 days ago7 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-13708

Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...

7.5CVSS0.00375EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

BIT-ACTIVEMQ-2026-53917 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
OSV
OSV
added last week6 views

ROOT-OS-UBUNTU-2404-CVE-2025-39679 CVE-2025-39679 in rootio-linux - Patched by Root

Root has patched CVE-2025-39679 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS8.1AI score0.00145EPSS
Exploits0
OSV
OSV
added last week6 views

ROOT-OS-UBUNTU-2404-CVE-2026-45860 CVE-2026-45860 in rootio-linux - Patched by Root

Root has patched CVE-2026-45860 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7CVSS5.3AI score0.00686EPSS
Exploits0
Debian
Debian
added 2026/07/03 8:56 p.m.10 views

[SECURITY] [DSA 6376-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2026 https://www.debian.org/security/faq -...

7.5CVSS6AI score0.00549EPSS
Exploits0
Snyk
Snyk
added 2026/07/03 8:14 p.m.7 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the ExportToBlob function of the PLY Model Handler component. An attacker can cause memory corruption or application crashes by triggering a double free condition remotely. Remediation There is no fixed version for assimp...

6.5CVSS6.7AI score0.00233EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55516

Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00017 Description A Path Traversal issue exists in the Lucene.Net.Replicator library, which allows an unauthenticated user to perform an arbitrary file read on the...

8.9CVSS6.1AI score0.00703EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/02 4:2 p.m.35 views

CVE-2026-50281 Craft CMS: Mass assignment via id in newAttributes during bulk duplicate overwrites existing elements

Craft CMS is a content management system CMS. Versions 5.7.0 and above, prior to 5.9.21 contain a mass-assignment flaw in the bulk-duplicate element action. An attacker who is only able to duplicate their own entires can submit an arbitrary id through the newAttributes request parameter. The...

7.1CVSS0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00455EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 10:16 p.m.5 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS0.00412EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:29 p.m.9 views

Security Bulletin: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-7474 DESCRIPTION: A user with...

8.8CVSS6.1AI score0.06892EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:29 p.m.4 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder