Lucene search
K

2354 matches found

CVE
CVE
added yesterday9 views

CVE-2026-60082

DBI for Perl versions before 1.651 does not enforce statement handle consistency with the row during prepare. If a statement handle has no fields but the source row is non-empty, the internal row-buffer reads from a negative array index, due to a mismatch between provided metadata and rows. The i...

6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-43604

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS6.1AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

9.1CVSS0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43298

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References8
NVD
NVD
added 2 days ago7 views

CVE-2026-15541

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15541 will-moss Isaiah Master Websocket server.go Server.Handle authorization

A flaw has been found in will-moss Isaiah up to 1.36.9. The impacted element is the function Server.Handle of the file app/server/server/server.go of the component Master Websocket Handler. Executing a manipulation of the argument Agent can lead to missing authorization. It is possible to launch...

7.5CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 2 days ago8 views

CVE-2026-15541

CVE-2026-15541 affects will-moss Isaiah up to version 1.36.9. The flaw resides in the Master Websocket Handler’s Server.Handle function (file app/server/server/server.go). A manipulation of the Agent argument can lead to missing authorization, enabling a remote attack. The issue is awaiting a pul...

7.5CVSS6.6AI score0.00316EPSS
Exploits0References7
CVE
CVE
added 2 days ago17 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-51538

EIPStackGroup OpENer 2.3.0 commit 76b95cf suffers from an Incorrect Access Control vulnerability in its handling of encapsulation sessions. When the server processes critical encapsulation commands, it verifies whether the provided sessionhandle exists in the global session list, but it fails to...

0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-11856

A flaw was found in curl. When libcurl performs a transfer to an HTTP origin using Digest authentication and then reuses the same connection handle for a subsequent transfer to a different origin, it may incorrectly send the authentication header intended for the first origin to the second. This...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/07/07 9:8 p.m.26 views

CVE-2026-55490 OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS0.00684EPSS
Exploits1References3
OSV
OSV
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1268 Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6AI score0.00584EPSS
Exploits1References10
Snyk
Snyk
added 2026/07/06 8:42 p.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...

8.6CVSS6.1AI score0.00392EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 2:31 p.m.5 views

kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog...

9.8CVSS6.6AI score0.00351EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 2:4 a.m.2 views

SUSE-SU-2026:2759-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...

9.8CVSS7.2AI score0.11471EPSS
Exploits8References27
BDU FSTEC
BDU FSTEC
added 2026/07/06 12:0 a.m.4 views

The vulnerability of the drm_gem_change_handle_ioctl() function in the Direct Rendering Manager (DRM) subsystem of Linux kernels allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the changehandle function in the Direct Rendering Manager DRM subsystem of Linux kernels relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...

7.8CVSS6AI score0.00134EPSS
Exploits1References8Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56064

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...

8.1CVSS6AI score0.00392EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/07/05 12:3 p.m.7 views

rrdtool security update

An update is available for rrdtool. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The round robin database RRD system stores and displays time-series data, suc...

7.8CVSS6.2AI score0.00132EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/05 5:45 a.m.9 views

CVE-2026-14716

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...

6.5CVSS6.1AI score0.00228EPSS
Exploits0References6
OSV
OSV
added 2026/07/05 5:45 a.m.2 views

CVE-2026-14716 nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched...

5.3CVSS6AI score0.00228EPSS
Exploits0References8
Rows per page
Query Builder