Lucene search
+L

170 matches found

euvd
euvd
added last week8 views

EUVD-2026-42985

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...

7CVSS6.1AI score0.00298EPSS
Exploits0References3
snyk
snyk
added 2026/06/29 2:23 p.m.10 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-464 PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

9.2CVSS6AI score0.00416EPSS
Exploits1References6
osv
osv
added 2026/06/24 3:31 p.m.22 views

MAL-2026-6399 Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
ossf
ossf
added 2026/06/24 3:31 p.m.7 views

Malicious code in normalize-plus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8d9638f9c3f81ac15972cf2ff227b2d426a72c5e37035e54402648fe8120675 On import, normalize-plus's top-level initPlugin performs an HTTP GET against https://jsonkeeper.com/b/CI3HT, parses the JSON response, and evaluates...

6AI score
Exploits0References2
osv
osv
added 2026/06/17 4:18 a.m.20 views

MAL-2026-5989 Malicious code in pathfix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2527fa3618f01b694722f2a50297c248053dcdabf1b471ee9bdbdc6522bb838 pathfix presents itself as a Stylus port of normalize.css but ships a copy of the unrelated normalize-path module with an appended...

5.9AI score
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.23 views

PT-2026-50430

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw exists in the aclp normalize acltxt function within aclparse.c. A malformed Access Control Instruction ACI string can trigger heap-buffer-overflow writes and reads during...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References12
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.13 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/03 2:29 p.m.10 views

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References8
nessus
nessus
added 2026/06/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-3276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating...

6.3CVSS6.1AI score0.00492EPSS
Exploits0References4
nvd
nvd
added 2026/06/01 2:16 a.m.14 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS0.00201EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/06/01 1:15 a.m.10 views

CVE-2026-10211

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/06/01 1:15 a.m.48 views

CVE-2026-10211 AstrBotDevs AstrBot fs.py _normalize_rw_path authorization

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS0.00201EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/01 1:15 a.m.13 views

CVE-2026-10211 AstrBotDevs AstrBot fs.py _normalize_rw_path authorization

A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected by this issue is the function normalizerwpath of the file astrbot/core/tools/computertools/fs.py. This manipulation causes incorrect authorization. It is possible to initiate the attack remotely. The exploit has been publicly...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.10 views

AstrBot 安全漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 4.23.6 of AstrBot contains a security vulnerability. This vulnerability stems from the improper authorization in the normalizerwpath function found in the...

6.5CVSS6.4AI score0.00201EPSS
Exploits0References5
ossf
ossf
added 2026/05/25 5:50 p.m.11 views

Malicious code in normalize-path-seq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048493f47bc6a8b0a61c93d14a9bfbbe5edd77baff2d2423870e3cc8b7099b0a On require, index.js invokes initPlugin at the module top level, which performs an HTTPS GET to https://jsonkeeper.com/b/VL3WY, parses the response...

6.5AI score
Exploits0References2
osv
osv
added 2026/05/25 5:50 p.m.12 views

MAL-2026-4622 Malicious code in normalize-path-seq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 048493f47bc6a8b0a61c93d14a9bfbbe5edd77baff2d2423870e3cc8b7099b0a On require, index.js invokes initPlugin at the module top level, which performs an HTTPS GET to https://jsonkeeper.com/b/VL3WY, parses the response...

6.5AI score
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in commons-io

In Apache Commons IO before version 2.7, when the FileNameUtils.normalize method was called with an improper input string, such as “//../foo” or “\..\foo”, the result would be the same value. This potentially allowed access to files in the parent directory, but not further up the path thus...

5.8CVSS6.6AI score0.10608EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/05/05 11:16 a.m.9 views

CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.18 views

PT-2026-36996

Name of the Vulnerable Software and Affected Versions fast-uri versions prior to 3.1.2 Description The normalize function decoded percent-encoded authority delimiters within the host component and re-emitted them as raw delimiters during serialization. This allows a host combining an allowed...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References245
Rows per page
Query Builder