Lucene search
K

3460 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.14 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation for unreliable inputs...

8.8CVSS5.3AI score0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 10:5 p.m.29 views

CVE-2026-25260 Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...

7.8CVSS0.00052EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

go-billy 安全漏洞

Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 and 6.0.0-alpha.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of specially crafted or malformed inputs by multiple components, which cou...

6.5CVSS5.3AI score0.00295EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from the lack of validation of concurrent user mode inputs when accessing shared buffers...

7.8CVSS5.3AI score0.00052EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 9:14 p.m.3 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the defaultSanitizer function in FileAdder.php. An attacker can upload files with double extensions or omitted executable extensions, potentially leading to remote code execution by bypassing fil...

8.8CVSS6.4AI score0.0044EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.10 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.01852EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 6:20 p.m.8 views

Incomplete List of Disallowed Inputs

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by supplying a sandb...

8.2CVSS5.9AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 6:20 p.m.8 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by...

8.2CVSS6AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:44 p.m.10 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through Symbol.for handling in lib/setup-sandbox.js and the bridge write traps in lib/bridge.js...

9.5CVSS5.9AI score0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:33 p.m.8 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 4:33 p.m.26 views

CVE-2026-45628

Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 1:24 p.m.40 views

CVE-2026-45615 mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER_decode_oer` via Malformed OER Payload

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

8.2CVSS0.00197EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44847

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGER oer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, t...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44932

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child process.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 3:20 p.m.34 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS0.00238EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/28 4:47 a.m.13 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability may cause memory exhaustion and service crashes for users with low privileges who...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 5:16 p.m.8 views

UBUNTU-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

4.3CVSS5.8AI score0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:16 p.m.12 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS0.01852EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:17 a.m.18 views

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

...

5.3CVSS5.8AI score0.00313EPSS
Exploits0
Rows per page
Query Builder