Lucene search
K

695 matches found

Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34557

Name of the Vulnerable Software and Affected Versions Frappe version 16.10.0 Description An authenticated attacker can persist crafted values in multiple field types to trigger client-side script execution when another user opens the affected document in Desk. This occurs because vulnerable...

5.4CVSS5.9AI score0.00193EPSS
Exploits1References7
OSV
OSV
added 2026/04/16 12:44 a.m.10 views

MAL-2026-2911 Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that when installed postinstall-hook or imported sends local env variables, files and bash history to https://ghostraper.top and registers a new ssh key in .ssh/authorizedkeys. --- -= Per source details. Do not edit below this line.=- Source:...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/03 9:31 p.m.6 views

EUVD-2026-18819

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

6.9CVSS5.5AI score0.00322EPSS
Exploits0References9
CVE
CVE
added 2026/04/03 7:45 p.m.9 views

CVE-2026-5484

Summary (CVE-2026-5484) : BookStackApp BookStack (up to 26.03) contains a vulnerability in the function chapterToMarkdown within app/Exports/ExportFormatter.php of the Chapter Export Handler . Manipulating the argument pages can bypass access controls, enabling a remote attack. The exploit is pub...

6.9CVSS5.7AI score0.00322EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30222

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

6.9CVSS5.5AI score0.00322EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/03/13 1:15 p.m.7 views

SUSE CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

5.5CVSS5.9AI score0.00572EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. Th...

8.7CVSS7.3AI score0.00572EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/12 11:13 p.m.3 views

CVE-2026-32274

A user input sanitization flaw has been discovered in the Black python code formatter. Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker...

8.7CVSS5.7AI score0.00572EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/12 8:16 p.m.8 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS6AI score0.00572EPSS
Exploits0References3
OSV
OSV
added 2026/03/12 8:16 p.m.4 views

UBUNTU-CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/12 7:47 p.m.8 views

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 7:47 p.m.3 views

CVE-2026-32274

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/12 7:47 p.m.6 views

CVE-2026-32274 Black: Arbitrary file writes from unsanitized user input in cache file name

Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics option was placed in the filename without sanitization, which allowed an attacker who controls the...

8.7CVSS5.9AI score0.00572EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.14 views

Black 路径遍历漏洞

Black is a Python code formatting tool open-sourced by the Python Software Foundation. Versions of Black prior to 26.3.1 had a path traversal vulnerability. This vulnerability stemmed from the value of the “python-cell-magics” option, which did not clean up cache file names. As a result, it was...

8.7CVSS7.3AI score0.00572EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 8:16 p.m.8 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS0.0046EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 8:16 p.m.3 views

UBUNTU-CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.4AI score0.0046EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/11 8:16 p.m.4 views

CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 7:15 p.m.30 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7CVSS0.0046EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 7:15 p.m.1 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, usepyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

8.7CVSS6.3AI score0.0046EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 7:15 p.m.31 views

CVE-2026-31900

CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...

9.8CVSS6.3AI score0.0046EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder