19537 matches found

RedhatCVE
added 2026/04/14 9:25 p.m. | 7 views

CVE-2026-5713

A flaw was found in Python. A malicious Python process could exploit the "profiling.sampling" module and "asyncio introspection capabilities" to read and write memory addresses within a privileged process. This vulnerability occurs when the privileged process connects to the malicious process via...

CVSS 6 | AI score 6 | EPSS 0.00132
Exploits 0 | References 6

Snyk
added 2026/04/14 8:1 p.m. | 3 views

Open Redirect

Overview: @adonisjs/http-server is an AdonisJS HTTP server with support packed with Routing and Cookies. Affected versions of this package are vulnerable to Open Redirect via the response.redirect.back function. An attacker can redirect users to malicious external sites by manipulating the Referer...

CVSS 6.1 | AI score 5.7 | EPSS 0.00248
Exploits 0 | References 2

RedhatCVE
added 2026/04/14 6:40 p.m. | 6 views

CVE-2026-32226

A flaw was found in .NET Framework. This vulnerability, a race condition, allows an unauthorized attacker to exploit improper synchronization when shared resources are concurrently executed. This can lead to a Denial of Service (DoS) over a network, making the affected system or application...

CVSS 5.9 | AI score 5.7 | EPSS 0.00542
Exploits 0 | References 4

RedhatCVE
added 2026/04/14 6:19 p.m. | 6 views

CVE-2025-69993

A flaw was found in Leaflet. This Cross-Site Scripting (XSS) vulnerability exists in the bindPopup method, which fails to sanitize user-supplied input. A remote attacker can exploit this by injecting malicious JavaScript code into map popups. When a victim views an affected map, the injected script...

CVSS 6.1 | AI score 5.8 | EPSS 0.00191
Exploits 2 | References 5

RedhatCVE
added 2026/04/14 6:9 p.m. | 2 views

CVE-2026-33948

A flaw was found in jq, a command-line JSON processor. This vulnerability allows a remote attacker to bypass input validation by crafting malicious JSON input containing embedded null (NUL) bytes. Due to incorrect handling of input buffer lengths, jq truncates the input at the first NUL byte,...

CVSS 6.3 | AI score 5.9 | EPSS 0.00256
Exploits 1 | References 5

RedhatCVE
added 2026/04/14 5:44 p.m. | 3 views

CVE-2026-4786

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

CVSS 7.1 | AI score 5.9 | EPSS 0.0029
Exploits 0 | References 6

ATTACKERKB
added 2026/04/14 1:49 a.m. | 5 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

CVSS 9.8 | AI score 6.4 | EPSS 0.00739
Exploits 0 | References 2 | Affected Software 2

EUVD
added 2026/04/14 12:31 a.m. | 3 views

EUVD-2026-22134

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 4

EUVD
added 2026/04/14 12:31 a.m. | 5 views

EUVD-2026-22092

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier). Mitigation: Update UniFi Play...

CVSS 9.8 | AI score 5.8 | EPSS 0.01051
Exploits 0 | References 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32611

Name of the Vulnerable Software and Affected Versions: Sigstore Timestamp Authority versions prior to 2.0.6. Description: An authorization bypass exists in the timestamp-authority/v2/pkg/verification package. The VerifyTimestampResponse function correctly verifies the certificate chain signature, bu...

CVSS 5.5 | AI score 5.2 | EPSS 0.00099
Exploits 0 | References 246

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-33235

Name of the Vulnerable Software and Affected Versions: @vendure/core versions prior to 2.3.4; @vendure/core versions 3.0.0 through 3.5.6; @vendure/core versions 3.6.0 through 3.6.1. Description: An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...

CVSS 9.1 | AI score 6.1 | EPSS 0.01762
Exploits 0 | References 10

Tenable Nessus
added 2026/04/14 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-4786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation of CVE-2026-4519 was incomplete. If the URL contained %action the mitigation could be bypassed for certain browser types the webbrowser.open API could...

CVSS 7.1 | AI score 6.3 | EPSS 0.00308
Exploits 0 | References 3

RedhatCVE
added 2026/04/13 10:27 p.m. | 4 views

CVE-2026-40310

A flaw was found in ImageMagick. This vulnerability, a heap out-of-bounds write, occurs within the JPEG 2000 (JP2) encoder when processing an image with an invalid sampling index. A remote attacker could exploit this by providing a specially crafted image, which may lead to a denial of service (DoS) ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00189
Exploits 0 | References 7

RedhatCVE
added 2026/04/13 10:27 p.m. | 6 views

CVE-2026-40169

A flaw was found in ImageMagick. A remote attacker could exploit this vulnerability by providing a specially crafted image file. When ImageMagick processes this image to generate a YAML or JSON output, it can lead to an out-of-bounds heap write, causing the application to crash. This results in a...

CVSS 6.5 | AI score 5.7 | EPSS 0.0018
Exploits 0 | References 7

OSV
added 2026/04/13 10:16 p.m. | 5 views

DEBIAN-CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | AI score 5.3 | EPSS 0.0029
Exploits 0 | References 1

UbuntuCve
added 2026/04/13 10:16 p.m. | 8 views

CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 7

OSV
added 2026/04/13 10:16 p.m. | 4 views

UBUNTU-CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7.1 | AI score 5.8 | EPSS 0.0029
Exploits 0 | References 4

RedhatCVE
added 2026/04/13 10:8 p.m. | 3 views

CVE-2026-33899

A flaw was found in ImageMagick. When processing a specially crafted XML file, a remote attacker could exploit an out-of-bounds write vulnerability. This could lead to a denial of service, making the affected program unavailable. Mitigation: Mitigation for this issue is either not available or the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00428
Exploits 0 | References 7

RedhatCVE
added 2026/04/13 10:8 p.m. | 7 views

CVE-2026-33900

A flaw was found in ImageMagick, a software suite for editing and manipulating digital images. This vulnerability, an integer truncation/wraparound issue within the viff encoder on 32-bit builds, could lead to an out-of-bounds heap write. An attacker could exploit this by providing a specially...

CVSS 7.5 | AI score 5.7 | EPSS 0.00434
Exploits 0 | References 7

RedhatCVE
added 2026/04/13 10:8 p.m. | 6 views

CVE-2026-33901

A flaw was found in ImageMagick. A remote attacker could exploit a heap buffer overflow vulnerability in the MVG decoder by processing a specially crafted image file. This vulnerability allows for an out-of-bounds write, which could lead to a Denial of Service (DoS) for the affected system...

CVSS 7.5 | AI score 5.9 | EPSS 0.00566
Exploits 0 | References 6