12176 matches found

RedhatCVE
added 2026/06/25 5:11 a.m. | 9 views

CVE-2026-12316

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1 CVSS | 5.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 5

Redos
added 2026/06/25 12:0 a.m. | 4 views

ROS-20260625-73-0019

The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...

7.5 CVSS | 5.8 AI score | 0.00317 EPSS
Exploits: 0

NVD
added 2026/06/24 6:17 p.m. | 7 views

CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

8.3 CVSS | 0.00478 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/06/24 5:48 p.m. | 29 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5 CVSS | 0.00478 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/24 5:48 p.m. | 6 views

CVE-2026-44017 Docling: Unsafe Zip Extraction in EasyOCR Model Download

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

7.5 CVSS | 6.7 AI score | 0.00478 EPSS
Exploits: 0 | References: 2

CVE
added 2026/06/24 5:48 p.m. | 46 views

CVE-2026-44017

CVE-2026-44017 concerns Docling’s EasyOCR model download: prior to 2.91.0, ZIP archives were extracted without validating member paths, enabling Zip Slip path traversal. An attacker who could supply or intercept the model source could overwrite files anywhere writable by the process, potentially ...

8.3 CVSS | 6.7 AI score | 0.00478 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

AstraLinux
added 2026/06/24 3:11 p.m. | 5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8 CVSS | 5.8 AI score | 0.0043 EPSS
Exploits: 0 | References: 3

AstraLinux
added 2026/06/24 3:11 p.m. | 10 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8 CVSS | 5.8 AI score | 0.00469 EPSS
Exploits: 0 | References: 3

AstraLinux
added 2026/06/24 3:11 p.m. | 7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in the guest XSAVE state whenever XFD[i]=1. When loading the guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATE_BV are cleared to ensure tha...

5.5 CVSS | 5.9 AI score | 0.00198 EPSS
Exploits: 0 | References: 3

AstraLinux
added 2026/06/24 3:11 p.m. | 6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than those present in the FIFO. The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor...

7.8 CVSS | 5.7 AI score | 0.00129 EPSS
Exploits: 0 | References: 2

AstraLinux
added 2026/06/24 3:11 p.m. | 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10 CVSS | 5.8 AI score | 0.00483 EPSS
Exploits: 0 | References: 3

OSV
added 2026/06/24 9:36 a.m. | 3 views

MINI-384C-QXP5-2XCC

Bulletin has no description...

6.3 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 0

RedHat Linux
added 2026/06/24 1:39 a.m. | 10 views

keylime: Keylime: Security bypass due to hardcoded TPM quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a...

6.3 CVSS | 5.8 AI score | 0.00121 EPSS
Exploits: 0 | References: 4

OSV
added 2026/06/23 11:17 p.m. | 2 views

MINI-F25X-5F6H-747V

Bulletin has no description...

8.8 CVSS | 5.7 AI score | 0.0022 EPSS
Exploits: 1

OSV
added 2026/06/23 11:17 p.m. | 2 views

MINI-PV8X-WM8R-766P

Bulletin has no description...

7.5 CVSS | 5.7 AI score | 0.004 EPSS
Exploits: 0

OSV
added 2026/06/23 11:17 p.m. | 2 views

MINI-RP4V-C4F3-PX8H

Bulletin has no description...

5.5 CVSS | 5.7 AI score | 0.00317 EPSS
Exploits: 0

OSV
added 2026/06/23 11:17 p.m. | 2 views

MINI-93VF-874P-VJXW

Bulletin has no description...

7.5 CVSS | 5.8 AI score | 0.00781 EPSS
Exploits: 0

NVD
added 2026/06/23 8:16 p.m. | 15 views

CVE-2026-45792

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...

6.9 CVSS | 0.00078 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/06/23 7:2 p.m. | 39 views

CVE-2026-45792 RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...

6.9 CVSS | 0.00078 EPSS
Exploits: 0 | References: 3

NVD
added 2026/06/23 6:18 p.m. | 7 views

CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1 CVSS | 0.00198 EPSS
Exploits: 1 | References: 1