Lucene search
K

651 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 6:33 a.m.13 views

CyberChef has a Cross-site Scripting issue

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/04/29 4:16 a.m.4 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/29 2:55 a.m.4 views

EUVD-2026-26191

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5.1AI score0.00294EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/29 2:55 a.m.3 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5AI score0.00294EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/29 2:55 a.m.4 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS5AI score0.00294EPSS
Exploits0References5
CVE
CVE
added 2026/04/29 2:55 a.m.11 views

CVE-2026-42615

CyberChef up to version 11.0.0 is affected by an XSS in the Show Base64 offsets path, allowing script injection via the URL/fragment (e.g., /#recipe=Show_Base64_offsets...). Root cause: improper handling of Base64 offset input in the recipe viewer. Impact: potential script execution in the victim...

7.2CVSS5.1AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/29 2:55 a.m.34 views

CVE-2026-42615

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...

7.2CVSS0.00294EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

CyberChef 跨站脚本漏洞

CyberChef is an open-source network application developed by GCHQ, featuring functions such as encryption, encoding, compression, and data analysis. Versions of CyberChef prior to 11.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Show Base64 Offsets...

7.2CVSS5.6AI score0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35866

Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...

7.2CVSS5.8AI score0.00294EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References3
Slackware Linux
Slackware Linux
added 2026/04/27 11:13 p.m.7 views

[slackware-security] mpg123

New mpg123 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mpg123-1.33.5-i586-1.txz: Upgraded. mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit offt was used with...

5.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/22 8:19 a.m.7 views

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

7.1CVSS5.6AI score0.00117EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 7:16 a.m.6 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 6:7 a.m.30 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS0.00102EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 6:7 a.m.3 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.7AI score0.00102EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:7 a.m.4 views

CVE-2026-6839

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.7AI score0.00102EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

ONE 安全漏洞

ONE is a high-performance edge-side neural network inference framework developed by Samsung. Versions of ONE prior to 1.30.0 contained a security vulnerability. This vulnerability stemmed from improper verification of STRING tensor offsets, which could lead to out-of-bound access during the impor...

6.6CVSS5.8AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34262

Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0...

6.6CVSS5.7AI score0.00102EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/04/16 12:0 a.m.14 views

python3 security update

3.6.8-21.0.9 - Security update CVE-2025-15366, CVE-2025-15367, CVE-2026-1299 Orabug: 39159999 3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771CVE-2025-8194 3.6.8-21.0.3 - Fix DoS...

6CVSS5.7AI score0.02203EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/04/07 5:4 p.m.7 views

CVE-2025-47392

Memory corruption when decoding corrupted satellite data files with invalid signature offsets...

8.8CVSS5.9AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder