Lucene search
K

48778 matches found

RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-54891

A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...

6.3CVSS5.9AI score0.00164EPSS
Exploits0References8
NVD
NVD
added 6 days ago11 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00164EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS5.8AI score0.00164EPSS
Exploits0
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
OSV
OSV
added 6 days ago2 views

GHSA-XWW8-GQVH-92X9 OpenClaw: Exec approval display truncation could hide the command being approved

Summary OpenClaw exec approvals could show a shortened command in the approval UI while keeping the full original command for execution. For very long commands, an approver could see and approve a benign-looking prefix while a hidden suffix remained part of the command that would run after...

8CVSS5.8AI score0.00232EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 11:46 a.m.7 views

rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.4AI score0.00132EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 8:16 a.m.7 views

CVE-2026-12576

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 7:1 a.m.7 views

EUVD-2026-40931

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:1 a.m.33 views

CVE-2026-12576 DVP80ES3 Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:1 a.m.15 views

CVE-2026-12576

Technical details about CVE-2026-12576 are not publicly available in the provided documents. Monitor for updates from official sources for affected components, impact, and remediation information.

7.5CVSS5.8AI score0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40439

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:2 a.m.23 views

CVE-2026-41579

Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.

3.3CVSS5.9AI score0.00222EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 12:2 a.m.36 views

CVE-2026-41579 runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-56328

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.22 views

CVE-2026-56328 Capgo - Integrity Issue in Release Routing via Multiple Public Channels

Capgo before 12.128.2 allows multiple public channels for the same app and platform to coexist simultaneously, while unnamed /updates requests without defaultChannel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create ambiguous default update stat...

7.1CVSS0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 8:50 p.m.14 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

5.3CVSS5.6AI score0.00345EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/30 4:32 p.m.7 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 11:5 a.m.11 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/29 6:44 p.m.6 views

CVE-2026-49839

A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...

7.1CVSS5.7AI score0.00165EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-381 Langroid has a Code Injection vulnerability in TableChatAgent

Summary TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. PoC For example, one could prompt the Agent: Evaluate the following pandas expression on the data provided and print output:...

9.8CVSS5.8AI score0.00741EPSS
Exploits1References6
Rows per page
Query Builder