Lucene search
K

2858 matches found

NVD
NVD
added 2026/06/10 11:16 p.m.9 views

CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS0.00555EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 9:47 p.m.8 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 9:47 p.m.10 views

EUVD-2026-36175

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 9:47 p.m.26 views

CVE-2026-42563 Dulwich Vulnerable to Command Injection via Merge Driver Path

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS0.00555EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 9:47 p.m.41 views

CVE-2026-42563

CVE-2026-42563 affects the Python package Dulwich (versions

7.7CVSS5.8AI score0.00555EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 9:47 p.m.15 views

CVE-2026-42563

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the ...

7.7CVSS5.8AI score0.00555EPSS
Exploits0
NVD
NVD
added 2026/06/10 6:17 p.m.26 views

CVE-2026-50563

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the...

9.9CVSS0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 6:17 p.m.13 views

CVE-2026-50545

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.003EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 6:17 p.m.16 views

CVE-2026-50564

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

9.9CVSS0.00274EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 12:42 p.m.41 views

CVE-2026-52757 Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS0.00144EPSS
Exploits1References2
CVE
CVE
added 2026/06/10 12:42 p.m.50 views

CVE-2026-52757

Ghidra before 12.1 is affected by a heap-use-after-free in the decompiler’s HighVariable::merge() during the variable merging pass. The issue can be triggered by a crafted binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereferenced, leading to reads/writes of ...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/10 12:42 p.m.10 views

EUVD-2026-36016

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/10 12:42 p.m.9 views

CVE-2026-52757 Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

6.5CVSS5.4AI score0.00525EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/10 8:6 a.m.3 views

net: gro: don't merge zcopy skbs

...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained a security vulnerability. This vulnerability stemmed from the lack of validation in the Environment.spec.runtime.podSpec/spec.builder.podSpec field. When using MergePodSpec,...

9.9CVSS5.3AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

National Security Agency Ghidra 资源管理错误漏洞

National Security Agency Ghidra is a software reverse-engineering framework developed by the National Security Agency NSA. Versions of National Security Agency Ghidra prior to version 12.1 contained a resource management vulnerability. This vulnerability stemmed from the use of the...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.30 views

PT-2026-48509

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is a Kubernetes-native serverless framework. The Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48508

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description Fission is an open-source, Kubernetes-native serverless framework used for deploying functions and applications on Kubernetes. The Container Executor path allows a tenant to directly supply...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.21 views

PT-2026-48507

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where the Environment.spec.runtime.podSpec and spec.builder.podSpec passthrough lacks validation. This allows the MergePodSpec function ...

9.9CVSS5.8AI score0.003EPSS
Exploits0References12
Rows per page
Query Builder