Lucene search
+L

291 matches found

NVD
NVD
added 2026/05/09 3:16 a.m.24 views

CVE-2026-7652

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS0.00719EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:50 p.m.8 views

CVE-2026-42077

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

5.2CVSS5.7AI score0.00109EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36855

Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A prototype pollution issue in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The flaw occurs...

5.2CVSS5.8AI score0.00109EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/29 5:59 a.m.17 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS5.2AI score0.01735EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006929 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...

7.8CVSS5.6AI score0.00153EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011195 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.10 views

Pretext: Algorithmic Complexity (DoS) in the text analysis phase

isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing On² total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...

5.9AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.12 views

PT-2026-30898

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit user customer visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212...

7.6CVSS5.9AI score0.00235EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from mm mseal failing to correctly update the end address during the merging of VMA sections,...

5.5CVSS6AI score0.00218EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/04/01 12:0 a.m.13 views

When Safe Models Merge into Danger: Exploiting Latent Vulnerabilities in LLM Fusion

Model merging has emerged as a powerful technique for combining specialized capabilities from multiple fine-tuned LLMs without additional training costs. However, the security implications of this widely-adopted practice remain critically underexplored. In this work, we reveal that model merging...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.5 views

PT-2026-28612

Name of the Vulnerable Software and Affected Versions MikroORM versions prior to 6.6.10 MikroORM versions prior to 7.0.6 Description A flaw exists in the Utils.merge helper within MikroORM that does not prevent the use of special keys like proto , constructor, and prototype during object merging...

9.1CVSS6AI score0.00377EPSS
Exploits0References7
Fedora
Fedora
added 2026/03/28 1:7 a.m.7 views

[SECURITY] Fedora 42 Update: samtools-1.23.1-1.fc42

SAM Sequence Alignment/Map is a flexible generic format for storing nucleotide sequence alignment. SAM Tools provide various utilities for manipulating alignments in the SAM format, including sorting, merging, indexing and generating alignments in a per-position format...

8.8CVSS5.9AI score0.00373EPSS
Exploits0
Fedora
Fedora
added 2026/03/28 12:19 a.m.6 views

[SECURITY] Fedora 44 Update: samtools-1.23.1-1.fc44

SAM Sequence Alignment/Map is a flexible generic format for storing nucleotide sequence alignment. SAM Tools provide various utilities for manipulating alignments in the SAM format, including sorting, merging, indexing and generating alignments in a per-position format...

9.8CVSS5.9AI score0.00523EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.17 views

CVE-2021-27452

The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...

7.8CVSS7.2AI score0.00263EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/11 7:29 p.m.13 views

Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

9.9CVSS5.8AI score0.00413EPSS
Exploits1References3Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005622)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005622 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...

7.8CVSS5.8AI score0.00153EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.4 views

CVE-2025-33239

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.7AI score0.00197EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 3:5 p.m.3 views

Arbitrary Code Injection

Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data merging tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensitive...

8.5CVSS6.1AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/18 1:57 p.m.4 views

CVE-2025-33239

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.7AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 1:57 p.m.7 views

CVE-2025-33239

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

7.8CVSS5.9AI score0.00197EPSS
Exploits0References4
Rows per page
Query Builder