Lucene search
K

3917 matches found

Amazon
Amazon
added 2026/04/30 12:0 a.m.7 views

Important: maven3.9

Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: maven3.9 Issue Correction: Run dnf...

8.8CVSS5.9AI score0.00663EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.6 views

Medium: nodejs24

Issue Overview: @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service DoS issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric...

9.2CVSS5.3AI score0.00481EPSS
Exploits3
NVD
NVD
added 2026/04/23 8:16 p.m.9 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.8CVSS0.15547EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:45 p.m.4 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS6.4AI score0.15547EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/23 7:45 p.m.137 views

CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

9.3CVSS0.15547EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/04/22 7:22 a.m.10 views

Security update for podman

This update for podman rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/04/21 6:51 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink...

10CVSS6.4AI score0.00518EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 8:16 p.m.9 views

CVE-2026-29645

NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

7.5CVSS0.00543EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/20 4:0 p.m.10 views

Security update for containerd

This update for containerd rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 3:58 p.m.9 views

Security update for rootlesskit

This update for rootlesskit rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Lea...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 3:58 p.m.5 views

Security update for rootlesskit

This update for rootlesskit rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 3:55 p.m.6 views

Security update for buildah

This update for buildah rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 3:54 p.m.4 views

Security update for kubernetes-old

This update for kubernetes-old rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 3:53 p.m.5 views

Security update for runc

This update for runc rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterpri...

5.7AI score
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/20 10:9 a.m.5 views

Security update for buildah

This update for buildah rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.3 views

CVE-2026-29645

NEMU OpenXiangShan/NEMU before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector RVV decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted an...

5.9AI score0.00543EPSS
Exploits0References4
Fedora
Fedora
added 2026/04/17 12:54 a.m.8 views

[SECURITY] Fedora 43 Update: nix-2.31.4-1.fc43

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
Fedora
Fedora
added 2026/04/16 11:41 p.m.8 views

[SECURITY] Fedora 44 Update: nix-2.34.5-1.fc44

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
OSV
OSV
added 2026/04/16 10:47 p.m.8 views

GHSA-XFQJ-R5QW-8G4J Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode

Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...

8.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:45 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

6CVSS6AI score
Exploits0References2
Rows per page
Query Builder