Lucene search
+L

293 matches found

Veracode
Veracode
added 4 days ago9 views

Prototype Pollution

@feathersjs/commons is vulnerable to Prototype Pollution. The vulnerability is due to unsafe recursive merging of attacker-controlled objects containing proto, constructor, or prototype properties, which allows an attacker to pollute the global object prototype when untrusted JSON input is passed...

3.7CVSS6.1AI score0.00389EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:21 p.m.8 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6AI score0.01029EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51624

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Authenticated users can achieve Remote Code Execution RCE on the server during the "Rebase before merging" operation in pull requests. The issue stems from improper argument handling where the base...

9.9CVSS6.2AI score0.01029EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:28 p.m.3 views

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/22 8:28 p.m.4 views

CVE-2026-54651 pypdf: Possible infinite loop when processing threads/articles in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:26 p.m.6 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:26 p.m.29 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/22 8:5 p.m.5 views

Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes various security issues The following security issues were fixed: CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cac...

8.8CVSS6.4AI score0.0049EPSS
Exploits8References26
Snyk
Snyk
added 2026/06/16 2:5 p.m.11 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the processing outlines or bookmarks in writer. An attacker can cause the application to enter an infinite loop ...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-49743

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that triggers an infinite loop. This occurs when merging a file containing outlines into a writer. Recommendations Update to...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References16
GithubExploit
GithubExploit
added 2026/06/13 4:5 a.m.133 views

Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server

http2-bomb-detector HTTP/2 Bomb CVE-2026-49975 Non-destru...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2026/05/28 12:0 p.m.142 views

CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)

Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. The vulnerability, scored as CVSSv3.1 9.9 Critical, allows any authenticated user to achieve remote code execution RCE on the serve...

9.9CVSS7.4AI score0.01029EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.37 views

PT-2026-44238

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description The biovec phys mergeable function, used in request merge, DMA mapping, and integrity merge paths, fails to verify if physically contiguous bvec segments belong to different dev pagemaps...

9.8CVSS5.9AI score0.00491EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: tls: Stop the recv operation if the initial processrxlist contains a record that is not of the DATA type. If there is a record on rxlist that is not of the DATA type, and there is another record of the same type still in the queu...

5.5CVSS5.9AI score0.00175EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/vma: Fixed an anonymous VMA UAF issue related to mremap, where faulty VMA was merged with unfaulted VMA. The patch series “mm/vma: Fix anonymous VMA UAF in mremap faulty/uncorrected merges”, version 2, addresses this issue...

7.8CVSS5.7AI score0.00134EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents. When merging very long extents, we try to assign as much length as possible to the first extent. However, this is unnecessarily complicated and not really worth the effort. Moreover,...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksm: The range-walk function is used to skip over unmapped regions during the scangetnextrmapitem operation. Currently, scangetnextrmapitem traverses every page address in a VMA to locate mergeable pages. This approach becomes...

5.5CVSS6AI score0.00128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the null-ptr-deref issue in mreplace in raid10syncrequest. There are two checks for ‘mreplace’ in raid10syncrequest. In the first check, ‘needreplace’ is set, and ‘mreplace’ is used later if there is no faulty...

5.5CVSS6.1AI score0.00137EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/19 4:1 p.m.17 views

[SECURITY] Fedora 43 Update: perl-Net-CIDR-Lite-0.24-1.fc43

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

6.5CVSS5.8AI score0.00311EPSS
Exploits0
Rows per page
Query Builder