Lucene search
+L

180 matches found

Nuclei
Nuclei
added yesterday477 views

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5CVSS6.8AI score0.06583EPSS
Exploits3References5
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44669

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS6.2AI score0.00425EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-43637 Cornac < 2.6.0 Path Traversal via _extract_archive() in download.py

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

8.8CVSS6.2AI score0.00425EPSS
Exploits0References7
NVD
NVD
added last week8 views

CVE-2026-59180

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 10:23 p.m.31 views

CVE-2026-54499

CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/07/08 10:23 p.m.35 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS0.00317EPSS
Exploits1References4
OSV
OSV
added 2026/07/08 10:23 p.m.3 views

CVE-2026-54499 Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS6.3AI score0.00317EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1570 LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser

An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting the Papers Loaders package before version 0.3.2 in llama-index v0.10.0 and above through v0.12.29. This vulnerability allows ...

7.5CVSS7.1AI score0.00415EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 8:10 p.m.2 views

SUSE-SU-2026:22302-1 Security update for glycin-loaders

This update for glycin-loaders fixes the following issues - CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access bsc1248035. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249010...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.4 views

Security update for glycin-loaders (moderate)

openSUSE security update: security update for glycin-loaders ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21134-1 Rating: moderate References: bsc1248035 bsc1249010 Cross-References: CVE-2025-55159 CVE-2025-58160 CVSS scores: CVE-2025-55159 SUSE ...

5.8CVSS6.1AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 6:17 p.m.9 views

CVE-2026-54341

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS0.00399EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:42 p.m.85 views

CVE-2026-54341

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/26 4:42 p.m.4 views

CVE-2026-54341 Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS6AI score0.00399EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 4:42 p.m.38 views

CVE-2026-54341 Dragonfly: RESTORE operations may crash the server

Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process SIGSEGV. Because DragonflyDB requires no authentication by defaul...

7.5CVSS0.00399EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:42 p.m.17 views

CVE-2026-54341

Dragonfly (DragonflyDB) before version 1.39.0 is vulnerable: a crafted RESTORE payload triggers an out-of-bounds read in the listpack collection loaders, crashing the server (SIGSEGV). The issue is exploitable remotely without authentication via a single ~24-byte RESTORE command, enabling unauthe...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 7:17 p.m.15 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS0.00157EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:21 p.m.3 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 5:21 p.m.47 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:21 p.m.4 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References3Affected Software2
EUVD
EUVD
added 2026/06/22 5:21 p.m.9 views

EUVD-2026-38332

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.1CVSS5.9AI score0.00157EPSS
Exploits0References2
Rows per page
Query Builder