Lucene search
K

771 matches found

OSV
OSV
added 2026/04/21 8:16 p.m.7 views

GHSA-JJ7C-X25R-R8R3 Brillig: Heap corruption in foreign call results with nested tuple arrays

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compileblock. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

9.3CVSS5.8AI score0.00395EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.4 views

PT-2026-34235

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile block. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

9.3CVSS5.8AI score0.00395EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/04/18 7:59 a.m.9 views

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack tha...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/14 8:5 p.m.7 views

GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

5.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 8:5 p.m.8 views

Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

5.9AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.9 views

CVE-2026-40252

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

8.1CVSS6AI score0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/10 8:52 p.m.5 views

EUVD-2026-21605

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

5.3CVSS6AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-32044

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

5.3CVSS6AI score0.00342EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/08 12:6 a.m.5 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the custom SanitizationPolicy if configured with dropforeignnamespaces=False or allowlisted foreign elements such as MathML or SVG or raw-text...

4.7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/04/08 12:6 a.m.6 views

GHSA-R758-8HXW-4845 justhtml: Mutation XSS with custom foreign-namespace sanitization policies

Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...

2.1CVSS5.7AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:6 a.m.9 views

justhtml: Mutation XSS with custom foreign-namespace sanitization policies

Summary A parser-differential / mutation XSS issue was found in justhtml when using a custom sanitization policy that preserves foreign namespaces such as SVG or MathML. Under these custom settings, specially crafted input could sanitize into HTML that looked safe at first, but became unsafe when...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/03 1:27 p.m.4 views

JLSEC-2026-52

Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting...

8.8CVSS7AI score0.01565EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/03 3:47 a.m.2 views

EUVD-2026-18336

OpenSTAManager: SQL Injection via Aggiornamenti Module...

8.8CVSS6AI score0.00668EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/03 3:47 a.m.14 views

OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

8.8CVSS6.5AI score0.00668EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/03 3:47 a.m.2 views

GHSA-2FR7-CC4F-WH98 OpenSTAManager: SQL Injection via Aggiornamenti Module

Description The Aggiornamenti Updates module in OpenSTAManager query'SET FOREIGNKEYCHECKS=0'; // Line 69: FK checks DISABLED $errors = ; $executed = 0; foreach $queries as $query try $dbo-query$query; // Line 76: DIRECT EXECUTION ++$executed; catch Exception $e $errors = $query.' - '.$e-getMessag...

8.8CVSS6.4AI score0.00668EPSS
Exploits1References5
Schneier on Security
Schneier on Security
added 2026/04/02 5:28 p.m.4 views

US Bans All Foreign-Made Consumer Routers

This is for new routers; you don't have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers 1 introduce "a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and 2 pose "a severe...

5.9AI score
Exploits0
NVD
NVD
added 2026/04/02 2:16 p.m.4 views

CVE-2026-35168

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

8.8CVSS0.00668EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 1:48 p.m.6 views

CVE-2026-35168

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

8.8CVSS6.3AI score0.00668EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 1:48 p.m.2 views

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

8.8CVSS6.2AI score0.00668EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/02 1:48 p.m.16 views

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti Updates module in OpenSTAManager contains a database conflict resolution feature op=risolvi-conflitti-database that accepts a JSON array of SQL statements via PO...

8.8CVSS0.00668EPSS
Exploits1References3
Rows per page
Query Builder