Lucene search
K

6177 matches found

EUVD
EUVD
added 2026/06/26 11:11 p.m.13 views

EUVD-2026-36191

ImageMagick: Memory Leak in wand option parser when providing invalid arguments...

4CVSS5.8AI score0.0011EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 10:11 p.m.4 views

GHSA-X8G9-H984-PC36 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

Summary pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of Pdf is the reachable sink: any value that passes isOptionUrl filtervar..., FILTERVALIDATEURL is...

6.5CVSS6AI score0.00242EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 10:46 a.m.10 views

CVE-2026-53236

A flaw was found in the Linux kernel's handling of TCP sockets. An unprivileged application can exploit this vulnerability by attaching a Berkeley Packet Filter BPF using the SOATTACHFILTER option. This allows the application to conduct a side-channel attack, leading to the leakage of sensitive T...

7CVSS5.8AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 9:13 a.m.3 views

OPENSUSE-SU-2026:21071-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues Security issues: - CVE-2026-42050: Stack buffer overflow in XTileImage bsc1265048. - CVE-2026-42326: Information disclosure via malicious IPTC input file bsc1268092. - CVE-2026-45031: Denial of Service due to resource policy bypass in PSD...

9.1CVSS6.5AI score0.01849EPSS
Exploits4References64
NVD
NVD
added 2026/06/26 7:16 a.m.9 views

CVE-2026-8380

The Frontend File Manager Plugin WordPress plugin through 23.6 does not properly verify ownership of every targeted post before permanent deletion, allowing authenticated users with author-level access and above to permanently delete arbitrary posts and pages. When the Frontend File Manager Plugi...

6.5CVSS0.00342EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.6 views

CVE-2026-52999

A flaw was found in the Linux kernel's netfilter subsystem, specifically in the nfnetlinkosf module. When the NFOSFLOGLEVELALL option is configured, an out-of-bounds read vulnerability can occur during TCP option parsing. This issue can lead to incorrect data processing and logging failures,...

9.1CVSS5.8AI score0.00521EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 8:4 p.m.4 views

CVE-2026-55388

A flaw was found in piscina, a Node.js worker pool implementation. This vulnerability allows an attacker to achieve arbitrary code execution by exploiting a prototype pollution issue. By manipulating the filename option, an attacker can cause their malicious code to be executed within the worker,...

8.1CVSS6.4AI score0.00296EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:38 p.m.6 views

CVE-2026-11310

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS5.9AI score0.00145EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 6:38 p.m.6 views

CVE-2026-49980

A flaw was found in Rclone, a command-line program for cloud storage synchronization. When the rcd --rc-serve option is enabled, an unauthenticated remote attacker can send specially crafted GET or HEAD requests to execute arbitrary commands as the Rclone process user. This vulnerability allows f...

9.8CVSS6.5AI score0.00701EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:42 p.m.23 views

CVE-2026-55697

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm can install configDependencies declared in pnpm-workspace.yaml before command dispatch. Before the patch, a repository could declare pacquet or @pnpm/pacquet as a config dependency and pnpm treated that repository-controlled dependency ...

7.5CVSS5.9AI score0.00127EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/25 2:30 p.m.30 views

CVE-2026-57234

Nokogiri (Ruby) prior to 1.19.4 has a vulnerability in the JRuby implementation of the NONET option for Nokogiri::XML::Schema, where default options could trigger network fetches for external resources, enabling SSRF or XXE. The issue is tied to the NONET behavior set by default for schema parsin...

2.6CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 2:30 p.m.34 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 p.m.10 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS0.00162EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:24 p.m.7 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 12:24 p.m.6 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39225

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service DoS by holding the socket lock indefinitely. The function smcsetsockopt...

5.9AI score0.00126EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:39 a.m.27 views

CVE-2026-53274

CVE-2026-53274 affects the Linux kernel net/smc code. A logic flaw in __smc_setsockopt() allowed a local unprivileged user to cause a Denial of Service by keeping the socket lock held during a copy_from_sockptr() operation. The vulnerability occurs because the copy is performed while holding lock...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to...

9.1CVSS6AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52513

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm passes the git resolution.commit value from the lockfile to the git fetch command without using a -- separator or performing commit-format validation. When git...

6.4CVSS5.9AI score0.0018EPSS
Exploits1References5
Rows per page
Query Builder