Lucene search
+L

1190 matches found

OSV
OSV
added 2026/06/02 11:45 p.m.4 views

CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.16 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS5.8AI score0.00649EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 3:15 p.m.39 views

CVE-2026-10269

Summary (CVE-2026-10269) : A vulnerability in decolua 9router

6.5CVSS6.2AI score0.00276EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/01 2:9 p.m.20 views

When Vitest UI server is listening, arbitrary file can be read and executed

Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...

9.8CVSS6.4AI score0.01024EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:55 a.m.46 views

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

0.00649EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:55 a.m.15 views

EUVD-2026-33597

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00649EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45568

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00068EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

7.2CVSS5.3AI score0.00649EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 5:47 p.m.33 views

CVE-2026-45307

Speakr prior to 0.8.20-alpha is vulnerable to an open redirect via the is_safe_url() helper. The validation used urljoin(request.host_url, target) before parsing, so a scheme-relative input like ////evil.com is resolved to a same-host URL during validation but is emitted verbatim in the Location ...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 5:47 p.m.38 views

CVE-2026-45307 Speakr: Open redirect in is_safe_url via parser mismatch on next parameter

Speakr is a personal, self-hosted web application designed for transcribing audio recordings. Prior to 0.8.20-alpha, the issafeurl helper used to validate post-login redirect targets applied urljoinrequest.hosturl, target before parsing, while the controller passed the raw target to redirect. A...

6.1CVSS0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Speakr 安全漏洞

Speakr is a self-hosted AI transcription and smart note platform developed by Murtaza Nasir. Versions of Speakr prior to 0.8.20-alpha contained a security vulnerability. This vulnerability stemmed from the use of urljoin before parsing in the issafeurl validation function. The controller directly...

6.1CVSS5.8AI score0.00153EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/27 9:12 p.m.15 views

Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.3CVSS5.8AI score0.00382EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2026/05/27 9:12 p.m.10 views

GHSA-6439-2F28-8P8Q Symfony's HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

8.6CVSS5.8AI score0.00382EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/27 2:29 p.m.12 views

EUVD-2026-32527

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

6.1CVSS5.8AI score0.00312EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/27 12:14 p.m.44 views

CVE-2025-71306 ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()

In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in isbprmcredsforexec KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec: BUG: KASAN: stack-out-of-bounds in imaappraisemeasurement+0x12dc/0x16a0 Read of siz...

0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:7 p.m.16 views

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

8.5CVSS6.1AI score0.00227EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Hermes Agent 路径遍历漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a path traversal vulnerability. This vulnerability originated from the isblockeddevice function in the tools/filetools.py file within the readfi...

6.9CVSS6.6AI score0.00676EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/21 9:27 p.m.18 views

Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Description Several filters in the twig/ extras packages are registered with issafe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2026/05/21 9:27 p.m.4 views

GHSA-JV8M-2544-3PG3 Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

Description Several filters in the twig/ extras packages are registered with issafe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/21 8:22 p.m.13 views

Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and...

7.5CVSS6AI score0.00152EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder