Lucene search
K

6903 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52627

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...

6.5CVSS5.9AI score0.00324EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52525

Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52498

Name of the Vulnerable Software and Affected Versions Trivy versions prior to 0.71.0 Description A security scanner issue occurs when processing Helm chart archives .tgz. The custom tar unpacker uses the io.ReadAlltr function without a size limit. An attacker can provide a specially crafted...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References13
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

UBUNTU-CVE-2026-39899

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in packageimport.php. This issue has been fixed in version 1.2.31...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 10:33 p.m.16 views

CVE-2026-39899

Cacti (versions ≤ 1.2.30) is vulnerable to a path traversal flaw via the filename parameter in package_import.php. The issue has been fixed in 1.2.31 . Exploitation details, impact metrics, and confirmed exploit code are not provided beyond this description in the linked sources. If affected, upg...

6.9CVSS5.7AI score0.00261EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 10:16 p.m.6 views

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.5CVSS5.8AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:21 p.m.10 views

CVE-2026-54759

SiYuan’s Lute HTML sanitizer (prior to version 3.7.0) fails to remove elements. When combined with the SiYuan Electron client’s permissive security configuration, a malicious in a Bazaar package README can trigger arbitrary command execution on the victim’s machine when package details are view...

8.7CVSS6.1AI score0.00262EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 6:23 p.m.10 views

CVE-2026-49220

CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:21 p.m.29 views

CVE-2026-49246 Jellyfin: Potential MKV attachment filename path traversal to RCE

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 6:17 p.m.9 views

CVE-2026-44016

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 6:9 p.m.17 views

CVE-2026-53945

CVE-2026-53945 affects Ghost CMS: from 6.0.9 up to 6.21.1, the private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing the Ghost server to reach internal hosts through features that issue external fetches. Remediation: upgrade to Ghost 6.21.1 or later. Impact per...

4CVSS5.9AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/24 5:42 p.m.4 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:35 p.m.5 views

CVE-2026-48704

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 5:33 p.m.31 views

CVE-2026-48719 Warp branch selector command injection via Git branch names

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:22 p.m.19 views

CVE-2026-48725

Warp exposes a vulnerability where terminal output can request access to the local clipboard via OSC 52. From build 0.2021.04.25.23.05.stable_00 up to 0.2026.05.06.15.42.stable_01, a malicious remote host or attacker-controlled terminal output source could trigger reads or writes to the user’s cl...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-54906

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...

9.8CVSS0.0016EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability when processing images with small dimensions using the -wavelet-denoise operator. Versions 7.1.2-15 and 6.9.13-4...

7.1CVSS7.2AI score0.00137EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.17, a network-attached attacker could send a crafted SNMP response to the CUPS SNMP backend, causing an out-of-bounds read of up to 176 bytes beyond the stack buffer. The leak...

5.4CVSS5.7AI score0.00409EPSS
Exploits1References2
Rows per page
Query Builder