Lucene search
K

1240 matches found

Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55830 RestrictedPython guard hooks can be shadowed via positional-only arguments

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 6 days ago8 views

CVE-2026-55830

Vulnerability summary (CVE-2026-55830) : In RestrictedPython, prior to version 8.3, check_function_argument_names() failed to reject protected guard hook names for positional-only arguments, enabling a local parameter to shadow special names such as getattr , getitem , write , or print . This cou...

8.3CVSS5.9AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:1 p.m.7 views

MAL-2026-6797 Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540ace1cb8bc936ea953554a9ffc28203370f82cb5e5a7dfbf1454bf0e834b9a On require'mongoose-lean-hooks', the package's main entry index.js runs a top-level async IIFE that issues an HTTP GET to...

6.5AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:1 p.m.6 views

Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 540ace1cb8bc936ea953554a9ffc28203370f82cb5e5a7dfbf1454bf0e834b9a On require'mongoose-lean-hooks', the package's main entry index.js runs a top-level async IIFE that issues an HTTP GET to...

6.5AI score
Exploits0References5
EUVD
EUVD
added 2026/07/02 5:50 p.m.12 views

EUVD-2026-36195

Dulwich's submodule path traversal in porcelain.submoduleupdate / porcelain.clonerecursesubmodules=True yields RCE via attacker-dropped .git/hooks payload...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 5:50 p.m.7 views

GHSA-GFHV-VQV2-4544 Dulwich's submodule path traversal in porcelain.submodule_update / porcelain.clone(recurse_submodules=True) yields RCE via attacker-dropped .git/hooks payload

Summary dulwich.porcelain.submoduleupdate, and by extension porcelain.clone..., recursesubmodules=True, materializes attacker-controlled submodule paths from a crafted upstream repository without path validation. A malicious .gitmodules plus a matching tree gitlink whose path is .git/hooks or any...

7.5CVSS6.4AI score0.00448EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 5:11 p.m.14 views

EUVD-2026-36324

OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers...

6.9CVSS5.8AI score0.00096EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...

9.3CVSS6.3AI score0.00229EPSS
Exploits1References5
OSV
OSV
added 2026/06/26 6:33 p.m.2 views

GHSA-48Q5-W887-33WV Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

9.9CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nat: use kfreercu to release ops Florian Westphal says: Historically this is not an issue, even for normal base hooks: the data path doesn't use the...

7.8CVSS6.1AI score0.00123EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52364

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the netfilter synproxy infrastructure. This occurs because netfilter hooks are registered on-demand when a user adds the first iptables target or nftables...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References22
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:33 p.m.5 views

CVE-2026-52813

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/24 8:33 p.m.24 views

CVE-2026-52813

CVE-2026-52813 (Gogs) involves a path traversal flaw in organization names that contain ../ sequences, causing writes to arbitrary filesystem paths. The root cause is insufficient sanitization in internal/database/org.go (and related repo path logic), enabling an attacker to nest Git repositories...

10CVSS6.1AI score0.01107EPSS
In wildExploits0References4
Cvelist
Cvelist
added 2026/06/24 8:31 p.m.31 views

CVE-2026-52811 Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component —...

9CVSS0.00474EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS0.00278EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/24 5:28 p.m.35 views

CVE-2026-54686 Warp: DCS lifecycle hook spoofing can alter terminal session metadata

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS0.00278EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:28 p.m.5 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS5.9AI score0.00278EPSS
Exploits1References4
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53000

In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...

7.8CVSS0.00123EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52988

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

7.1CVSS0.00122EPSS
Exploits0References2
Rows per page
Query Builder