Lucene search
K

3481 matches found

NVD
NVD
added 19 hours ago6 views

CVE-2026-15618

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/toolexec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The...

7.5CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15618 mosaxiv clawlet exec Safety Guard tool_exec.go guardExecCommand protection mechanism

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. The affected element is the function guardExecCommand of the file tools/toolexec.go of the component exec Safety Guard. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The...

7.5CVSS
Exploits0References6
NVD
NVD
added 4 days ago9 views

CVE-2026-53450

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS0.00287EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-21044

CVE-2026-21044 describes Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1, allowing local attackers to bypass the application’s persistence configuration. The vulnerability enables a local attacker with low privileges and no user interaction to access or modify persisten...

5.8CVSS5.9AI score0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-15300

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $SERVER'QUERYSTRING' via parsestr bypassing wpmagicquotes, which does not cover $SERVER, then passed through bare...

9.1CVSS6AI score0.00349EPSS
Exploits0References7
NVD
NVD
added 6 days ago7 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55830 RestrictedPython guard hooks can be shadowed via positional-only arguments

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References3Affected Software1
CVE
CVE
added 6 days ago8 views

CVE-2026-55830

Vulnerability summary (CVE-2026-55830) : In RestrictedPython, prior to version 8.3, check_function_argument_names() failed to reject protected guard hook names for positional-only arguments, enabling a local parameter to shadow special names such as getattr , getitem , write , or print . This cou...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42295

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS5.9AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-54607

FastGPT exposed an SSRF issue in the HTTP-tool OpenAPI schema importer prior to 4.15.0-beta4. The importer validates only the top-level URL before handing refs to SwaggerParser.bundle, whose resolver can fetch and inline $ref URLs bypassing FastGPT’s internal-address guard, enabling an authentica...

7.7CVSS6AI score0.00238EPSS
Exploits0References4
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.121 views

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

7.2CVSS7.5AI score0.84112EPSS
Exploits9References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:29 p.m.10 views

Malicious code in tx-guard-snap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce7ebfc771355b732949df26e92e2ec8a80c0de7cda46bcb865687c33d572ff tx-guard-snap advertises itself as a real-time transaction security analysis MetaMask Snap but performs no analysis. Its onTransaction handler...

6AI score
Exploits0References2
OSV
OSV
added 2026/07/07 3:29 p.m.4 views

MAL-2026-6943 Malicious code in tx-guard-snap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fce7ebfc771355b732949df26e92e2ec8a80c0de7cda46bcb865687c33d572ff tx-guard-snap advertises itself as a real-time transaction security analysis MetaMask Snap but performs no analysis. Its onTransaction handler...

6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/06 10:16 p.m.8 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS0.00339EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.5 views

Malicious code in chai-guard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0814b168c19eced65c482efd2ccec185224474b7fbc0e47a2a3ab8fb3a5100 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:53 p.m.3 views

MAL-2026-6827 Malicious code in chai-guard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0814b168c19eced65c482efd2ccec185224474b7fbc0e47a2a3ab8fb3a5100 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/07/06 6:28 a.m.5 views

OESA-2026-2860 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2859 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
Rows per page
Query Builder