Lucene search
K

1128 matches found

Cvelist
Cvelist
added 2026/06/11 6:28 p.m.72 views

CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS0.00324EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.19 views

ViPER: Vision-Based Packing-Aware Encoder for Robust Malware Detection

Visualization-based malware detection maps raw binary bytes to grayscale images and applies learned visual classifiers, providing an evasion-resistant and disassembly-free alternative to conventional analysis pipelines. However, executable packing remains a critical failure mode: packed binaries...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48731

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.12 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.0075EPSS
Exploits1References5
NVD
NVD
added 2026/06/10 12:16 a.m.15 views

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS0.00138EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.19 views

Cloud hypervisor 资源管理错误漏洞

Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions of Cloud Hypervisor from 21.0 to 51.2 contained a resource management vulnerability. This vulnerability stemmed from submitting two virtio-block descriptors with the...

8.9CVSS5.3AI score0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:45 p.m.21 views

CVE-2026-46540

Nimiq light-blockchain (Rust, Albatross) had a bug in LightBlockchain::rebranch() before v1.4.0: when forking to a macro-block tip (checkpoint or election), it updated only head and did not refresh macro_head, election_head, current_validators, or store the election header. This mismatch with the...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:53 p.m.47 views

CVE-2026-45782 Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS0.00138EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 10:53 p.m.10 views

EUVD-2026-35870

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS5.6AI score0.00138EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 10:53 p.m.39 views

CVE-2026-45782

Cloud Hypervisor (virtio-block) is affected from 21.0 up to before 51.2. The issue arises in asynchronous virtio-block I/O completion when two descriptor chains reuse the same head_index, allowing a use-after-free that corrupts a bounce buffer if the duplicate operation completes before the origi...

8.9CVSS5.6AI score0.00138EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/08 12:30 a.m.11 views

EUVD-2026-34998

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.2AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.21 views

PT-2026-47198

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/AccountHeadService.java of the component addAccountHeadAndDetail Endpoint. Such manipulation of the...

5.5CVSS5.5AI score0.00323EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-9813

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

9.9CVSS5.5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44798

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause...

7.1CVSS5.4AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 8:16 p.m.11 views

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS0.00433EPSS
Exploits0References3
OSV
OSV
added 2026/06/04 7:36 p.m.11 views

GHSA-GQ96-5PFX-F4VC Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation

Summary The /api/action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score0.00051EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:26 p.m.7 views

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS6AI score0.00433EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46863

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46889

Summary The /api/ action/media/external-link endpoint allows authenticated admin users to make server-side HTTP HEAD requests to arbitrary internal IP addresses. While the parallel uploadFromURL flow validates target IPs against private/reserved ranges via FileUrlValidator, the linkURL flow only...

4.1CVSS5.9AI score0.00051EPSS
Exploits0References4
Rows per page
Query Builder