Lucene search
K

7908 matches found

Chainguard
Chainguard
added 2026/06/23 8:16 a.m.6 views

GHSA-RJFV-PJVX-MJGV vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller, aws-load-balancer-controller-fips...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.7 views

CVE-2026-12798

A flaw was found in BerriAI litellm. This vulnerability allows a remote attacker to perform a Server-Side Request Forgery SSRF by manipulating a specific argument, specpath, in the loadopenapispecasync function. This manipulation can force the server to make unauthorized requests to internal or...

6.5CVSS6.4AI score0.00262EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49241

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. Prior to 21.2.4, the client-side Angular Language Servi...

8.8CVSS6AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 9:16 p.m.12 views

CVE-2026-45034

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::prohibitWrappers. The helper calls parseurl$filename, PHPURLSCHEME and then checks isstring$scheme && strlen$scheme 1 to reject stream wrappers such as...

9.2CVSS0.00351EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.19 views

CVE-2025-71358 picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

7.5CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 5:25 p.m.5 views

CVE-2026-54293 NLTK: URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/22 5:25 p.m.7 views

EUVD-2026-38333

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6AI score0.00378EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 5:13 p.m.21 views

CVE-2026-54287

Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.33 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:58 p.m.36 views

CVE-2026-53540

Python-Multipart vulnerability CVE-2026-53540 affects the parse_form function in versions prior to 0.0.31. A negative Content-Length could cause a bounded read to become unbounded, loading the entire request body into memory and potentially exhausting memory. The issue is fixed in 0.0.31; remedia...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:32 p.m.4 views

CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/22 4:32 p.m.49 views

CVE-2026-54279

CVE-2026-54279 affects the aiohttp library (Python asyncio framework). Prior to version 3.14.1, host-only cookies saved with CookieJar.save() and later restored with CookieJar.load() may lose their host-only status, effectively becoming domain cookies. The issue is fixed in aiohttp 3.14.1. Affect...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:39 p.m.3 views

CVE-2026-56447

MISP allowed an authenticated site administrator to set the Kafkardkafkaconfig setting to an arbitrary filesystem path. MISP subsequently parsed the referenced INI file and passed its options to rdkafka. A crafted attacker-controlled configuration file could use rdkafka options such as...

9.3CVSS6.4AI score0.00342EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:26 a.m.6 views

CVE-2026-12580

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS6AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:26 a.m.10 views

EUVD-2026-38222

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

5.4CVSS6AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:26 a.m.13 views

CVE-2026-12580

CVE-2026-12580 affects Digiwin EasyFlow .NET. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw that permits authenticated remote attackers to inject persistent JavaScript code which executes in users’ browsers when a page loads. Impact is described as allowing the attacker to cause u...

5.4CVSS6AI score0.00168EPSS
Exploits0References2
Rows per page
Query Builder