Lucene search
K

113 matches found

SUSE CVE
SUSE CVE
added 2026/06/24 2:35 a.m.9 views

SUSE CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/22 2:59 p.m.5 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 2:59 p.m.112 views

CVE-2026-53550

js-yaml vulnerability CVE-2026-53550 stems from the merge-key handling (<<) in lib/loader.js, causing quadratic parse-time DoS when processing crafted YAML with repeated aliases prior to version 4.2.0. Affected: js-yaml

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:15 p.m.6 views

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases vulnerability discovered by ? in WordPress Npm js-yaml versions = 4.1.1...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS5.5AI score0.00194EPSS
Exploits0References1
Slackware Linux
Slackware Linux
added 2026/06/02 3:8 a.m.19 views

[slackware-security] kernel

New kernel packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/linux-5.15.209/kernel-generic-5.15.209-i586-1.txz: Upgraded. This update fixes security issues: rxrpc: Fix missing validation of ticke...

9.8CVSS5.8AI score0.00514EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/01 4:22 p.m.12 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.00353EPSS
Exploits4References8
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:22 p.m.12 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

5.8AI score0.00353EPSS
Exploits4References9Affected Software1
Cvelist
Cvelist
added 2026/05/29 3:58 p.m.35 views

CVE-2026-10099 XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS0.00125EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

RockyLinux 9 : bind (RLSA-2026:18786)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18786 advisory. bind: Resource exhaustion via malformed DNSKEY handling CVE-2025-8677 Tenable has extracted the preceding description block directly from the RockyLinux security...

7.5CVSS5.8AI score0.1096EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.9 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. There were security vulnerabilities in the Devolutions Server version 2026.1.6.0 to 2026.1.16.0. These vulnerabilities...

7.6CVSS5.8AI score0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41777

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

7.4CVSS5.7AI score0.00018EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/09 5:42 a.m.19 views

SQL Injection

LiteLLM is vulnerable to SQL Injection. The vulnerability is due to unsafe inclusion of caller-supplied API key values directly into database queries during proxy API key checks, which allows an attacker to read or modify database contents through crafted Authorization headers...

9.8CVSS6.1AI score0.86607EPSS
Exploits7References7Affected Software1
Snyk
Snyk
added 2026/05/06 1:21 a.m.11 views

Use of a Broken or Risky Cryptographic Algorithm

Overview paramiko is a library for making SSH2 connections client or server. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RSA key handling by allowing the use of the SHA-1 algorithm. An attacker can compromise the integrity of...

4.8CVSS5.8AI score0.00114EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 / 9 : OpenShift Container Platform 4.12.64 (RHSA-2024:5810)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5810 advisory. - golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-4529...

7.5CVSS7AI score0.03397EPSS
Exploits0References7
Oracle linux
Oracle linux
added 2026/04/22 12:0 a.m.12 views

bind security update

9.18.33-10.0.2.el101.3 - Hard require needed openssl-libs Orabug: 38742109 - Fix warning when changing device file permissions Orabug: 36518580 32:9.18.33-10.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.18.33-10.2 - Fix upstream reported regressio...

7.5CVSS7.5AI score0.1096EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/27 2:52 p.m.4 views

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

5.1CVSS5.5AI score0.0028EPSS
Exploits1References4
OSV
OSV
added 2026/03/16 10:15 p.m.8 views

USN-8101-1 vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. CVE-2026-25749 It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.9 views

Amazon Linux 2023 : runc (ALAS2023-2026-1419)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1419 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS5.7AI score0.01945EPSS
Exploits2References10
Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.169 views

📄 Extensis Portfolio Manager 4.0.1 Shell Upload

This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...

8.8CVSS6.4AI score0.01608EPSS
Exploits2
Rows per page
Query Builder