Lucene search
K

268 matches found

NVD
NVD
added 2026/04/21 6:16 p.m.11 views

CVE-2026-40602

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

5.6CVSS0.00103EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:40 p.m.3 views

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

5.6CVSS5.8AI score0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 5:40 p.m.39 views

CVE-2026-40602 hass-cli: Handling of user-supplied Jinja2 templates

The Home Assistant Command-line interface hass-cli is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instead of a sandboxed one. The user-supplied input within Jinja2 templates was rendered locally with no...

5.6CVSS0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:10 p.m.2 views

GHSA-538C-55JV-C5G9 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Summary The ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. The problem? It didn’t check if the "keys" in the file were valid. Because it blindly trusted the file, an attacker could craft a...

8.6CVSS5.9AI score0.00288EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/13 8:51 p.m.7 views

Prototype Pollution

Overview @apollo/federation-internals is an Apollo Federation internal utilities Affected versions of this package are vulnerable to Prototype Pollution through incomplete sanitization of input in the query plan execution. An attacker can manipulate the Object.prototype in the gateway by crafting...

9.9CVSS6.6AI score0.00512EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/06 11:25 p.m.6 views

EUVD-2026-10061

parse-server: Malformed $regex query leaks database error details in API response...

6.9CVSS5.8AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 2026/03/06 8:28 p.m.12 views

CVE-2026-30835

Parse Server vulnerability CVE-2026-30835 affects Parse Server before versions 8.6.7 and 9.5.0-alpha.6, where a malformed $regex query parameter can cause the database to return a structured error object unsanitized through the API response. This leaks internal database details such as error mess...

6.9CVSS5.8AI score0.00336EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 8:28 p.m.4 views

CVE-2026-30835

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.7 and 9.5.0-alpha.6, malformed $regex query parameter e.g. abc causes the database to return a structured error object that is passed unsanitized through the API response...

6.9CVSS5.8AI score0.00336EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23754

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.7 Parse Server versions prior to 9.5.0-alpha.6 Description Parse Server is an open-source backend deployable on Node.js infrastructures. A malformed $regex query parameter, such as abc, can cause the database...

6.9CVSS5.9AI score0.00336EPSS
Exploits0References12
Fedora
Fedora
added 2026/02/11 1:0 a.m.10 views

[SECURITY] Fedora 42 Update: rust-time-core-0.1.8-1.fc42

Internal implementation details of the 'time' crate...

7.5CVSS5.5AI score0.00443EPSS
Exploits1
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

CVE-2023-37525

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 7:58 p.m.8 views

EUVD-2023-41412

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/28 7:58 p.m.3 views

CVE-2023-37525 HCL BigFix Compliance is vulnerable to a sensitive information disclosure

A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2025-23083)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23083 advisory. - With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is...

7.7CVSS5.6AI score0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/21 9:45 p.m.22 views

CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS0.00246EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 9:45 p.m.5 views

CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS5.5AI score0.00246EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2025/12/18 12:0 a.m.172 views

📄 js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...

5.3CVSS8.3AI score0.04548EPSS
Exploits22
RedhatCVE
RedhatCVE
added 2025/12/13 3:58 p.m.5 views

CVE-2025-36743

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

8.6CVSS7AI score0.00193EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:20 a.m.5 views

Template Injection

langchain-core is vulnerable to Template Injection. The vulnerability is due to the lack of validation in template strings, where attackers can access Python object internals through template syntax. This allows attackers to extract sensitive information from object internals and potentially...

8.3CVSS6.9AI score0.00476EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/12/12 3:30 p.m.6 views

EUVD-2025-203086

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

8.6CVSS6.5AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder