
3400 matches found

CVE
added yesterday, 3 views

CVE-2025-71352

The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...

CVSS 8.1 | AI score 6.1
Exploits 0 | References 2
RedHat Linux
added yesterday, 4 views

lodash: prototype pollution in _.unset and _.omit functions

A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionality, this can result in a denial of service...

CVSS 8.2 | AI score 6.5 | EPSS 0.01535
Exploits 0 | References 5
NVD
added 2 days ago, 8 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | EPSS 0.00165
Exploits 0 | References 2
CVE
added 2 days ago, 16 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00165
Exploits 0 | References 2
Cvelist
added 2 days ago, 25 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00165
Exploits 0 | References 1
NVD
added 2 days ago, 7 views

CVE-2026-57341

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

CVSS 6.5 | EPSS 0.00258
Exploits 0 | References 1
CVE
added 2 days ago, 8 views

CVE-2026-57341

The CVE-2026-57341 entry describes an Unauthenticated Insecure Direct Object References (IDOR) vulnerability in the Colissimo Officiel: Méthodes de livraison pour WooCommerce plugin for WordPress, affecting versions

CVSS 6.5 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 1
EUVD
added 2 days ago, 6 views

EUVD-2026-40112

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 1
Nuclei
added 3 days ago, 112 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVSS 9.8 | AI score 7.8 | EPSS 0.71725
Exploits 1 | References 5
EUVD
added 5 days ago, 7 views

EUVD-2026-39602

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

CVSS 8.8 | AI score 6.6 | EPSS 0.01975
Exploits 1 | References 2
EUVD
added 6 days ago, 5 views

EUVD-2026-39448

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...

CVSS 5.5 | AI score 5.9 | EPSS 0.0012
Exploits 0 | References 3
Cvelist
added 6 days ago, 28 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

CVSS 6.3 | EPSS 0.00257
Exploits 0 | References 1
EUVD
added last week, 8 views

EUVD-2025-210327

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

CVSS 8.1 | AI score 6.1 | EPSS 0.00253
Exploits 0 | References 2
NVD
added 2026/06/23 5:16 p.m., 7 views

CVE-2026-44957

A missing access control check when invoking various modify methods in the XML-RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

CVSS 4.3 | EPSS 0.00235
Exploits 0 | References 1
EUVD
added 2026/06/23 4:14 p.m., 7 views

EUVD-2026-38502

A missing access control check when invoking various modify methods in the XML-RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

CVSS 4.3 | AI score 5.8 | EPSS 0.0031
Exploits 1 | References 1
NVD
added 2026/06/23 1:16 p.m., 10 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVSS 8.1 | EPSS 0.003
Exploits 0 | References 2
EUVD
added 2026/06/23 12:12 p.m., 7 views

EUVD-2025-210308

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVSS 8.1 | AI score 6.1 | EPSS 0.003
Exploits 0 | References 2
ATTACKERKB
added 2026/06/23 12:12 p.m., 6 views

CVE-2025-71376

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetchcompletions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...

CVSS 8.1 | AI score 6.1 | EPSS 0.003
Exploits 0 | References 3
ATTACKERKB
added 2026/06/22 4:23 p.m., 4 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

CVSS 5.3 | AI score 5.9 | EPSS 0.00238
Exploits 0 | References 2 | Affected Software 1
NVD
added 2026/06/21 2:16 p.m., 11 views

CVE-2025-71348

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

CVSS 8.1 | EPSS 0.00397
Exploits 1 | References 2