Lucene search
K

3070 matches found

Cvelist
Cvelist
added 2026/06/05 3:48 p.m.41 views

CVE-2026-48103 GHSL-2026-119 7-Zip WIM SecurityId OOB read

7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM Windows Imaging archive handler's security descriptor lookup. In CHandler::GetSecurity CPP/7zip/Archive/Wim/WimHandler.cpp, the per-image SecurOffsets table...

4.3CVSS0.00225EPSS
Exploits1References1
PyPA
PyPA
added 2026/06/01 5:17 p.m.64 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.4AI score0.0032EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 5:17 p.m.12 views

PYSEC-0000-CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.5AI score0.0032EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 5:17 p.m.13 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

5.5CVSS5.4AI score0.0032EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 5:17 p.m.13 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS0.0032EPSS
Exploits0References30
Cvelist
Cvelist
added 2026/06/01 3:1 p.m.35 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:1 p.m.11 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/01 3:1 p.m.13 views

EUVD-2026-33682

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS5.8AI score0.0032EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/01 3:1 p.m.13 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.8AI score0.0032EPSS
Exploits0
CVE
CVE
added 2026/06/01 3:1 p.m.83 views

CVE-2026-8643

CVE-2026-8643 affects pip: a flaw in how entry-point names in wheel files are handled can cause path traversal and arbitrary file overwrite during wheel installation. Exploitation can overwrite files outside the installation directory. Reports from SUSE, AWS Amazon Linux advisories, and Red Hat r...

8CVSS5.8AI score0.0032EPSS
Exploits0References30Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44372

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A time-to-check-time-of-use TOCTOU issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...

8.1CVSS5.9AI score0.00136EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-45480

Name of the Vulnerable Software and Affected Versions pip affected versions not specified Description pip fails to sanitize the resolved absolute path to the installation directory when treating console scripts and gui scripts as paths rather than file names. This allows entry points to be...

8CVSS5.8AI score0.0032EPSS
Exploits0References65
GithubExploit
GithubExploit
added 2026/05/27 12:16 a.m.131 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 — WHM/cPanel Exploit Tool Linux ⚠️ DISCL...

9.8CVSS6AI score0.981EPSS
Exploits64
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:34 p.m.19 views

Security Bulletin: Vulnerability in JUnit4 shipped with Tivoli Netcool/OMNIbus (CVE-2020-15250)

Summary A vulnerability in JUnit4 that is used by the Mib Manager GUI component, in Netcool/OMNIbus, has been addressed. Vulnerability Details CVEID:CVE-2020-15250 DESCRIPTION: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure...

5.5CVSS7.1AI score0.01695EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/05/21 6:52 p.m.69 views

rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/20 3:35 p.m.8 views

org.glassfish.main.admingui:admingui (>=7.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=7.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=4.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =4.0.0, =7.0.0, =7.0.0, =7.0.16, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: SNYK:JAVA-ORGGLASSFISHJSFTEMPLATING-167906...

9.6CVSS5.4AI score0.00628EPSS
Exploits2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user with API access e.g., a user with the default User role can be added to any group e.g., Zabbix Administrators. Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

8.8CVSS7.2AI score0.0073EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.8 views

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=8.0.1), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=8.0.1) +15 more potentially affected by CVE-2026-2586 via org.glassfish.main.admingui:console-common (>=3.1.2 <=8.0.1)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =4.1, =8.0.1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4...

9.1CVSS5.4AI score0.00819EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/19 3:31 p.m.6 views

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2587 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2587 Source advisory: OSV:GHSA-29WV-CV7P-XJC2https://vulners.c...

9.6CVSS5.4AI score0.00628EPSS
Exploits2
Rows per page
Query Builder