Lucene search
K

6174 matches found

CVE
CVE
added 2026/07/01 9:24 a.m.17 views

CVE-2026-14258

CVE-2026-14258 affects dhcpcd’s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement with a zero-length ND option bypasses validation during packet storage and is reparsed with inadequate validation, causing the parser to enter a non-advancing loo...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 6:3 p.m.7 views

libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...

7.5CVSS5.9AI score0.02298EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/30 5:13 p.m.4 views

libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application...

7.5CVSS5.9AI score0.02298EPSS
Exploits1References5
NVD
NVD
added 2026/06/30 10:16 a.m.11 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 8:30 a.m.35 views

CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS0.00361EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 8:30 a.m.60 views

CVE-2026-13149

The CVE-2026-13149 entry concerns the library brace-expansion up to version 5.0.6. The vulnerability is in the expand() function, which exhibits exponential-time complexity proportional to the number of consecutive non-expanding '{}' brace groups. This allows an attacker to craft input that cause...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 6:23 a.m.5 views

CVE-2026-13503

A flaw was found in antlr ANTLR4. A remote attacker can exploit a path traversal vulnerability by manipulating the getImportedVocabFile function within the tokenVocab Grammar Option Handler component. This could allow unauthorized access to sensitive files and directories on the system. Mitigatio...

6.9CVSS5.9AI score0.0055EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.5 views

ajv: ReDoS via $data reference

A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS Regular Expression Denial of...

7.5CVSS6.4AI score0.00492EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/29 6:44 p.m.6 views

CVE-2026-49839

A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...

7.1CVSS5.7AI score0.00165EPSS
Exploits1References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-376 Langflow has Remote Code Execution in CSV Agent

Summary The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution RCE...

9.8CVSS7.7AI score0.33694EPSS
Exploits4References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-500 pymetasploit3 vulnerable to command injection in console.run_module_with_output()

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

9.3CVSS6.1AI score0.01923EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/29 7:52 a.m.6 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS6.8AI score0.0047EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-56114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows...

6.5CVSS6.1AI score0.00175EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 kcfi: Rename CONFIGCFICLANG to CONFIGCFI as it is now a compiler-agnostic option...

6AI score0.00156EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:8 a.m.5 views

netfilter: ip6t_hbh: reject oversized option lists

...

7.1CVSS5.8AI score0.00126EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/27 1:55 a.m.9 views

SUSE CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/26 11:11 p.m.13 views

EUVD-2026-36191

ImageMagick: Memory Leak in wand option parser when providing invalid arguments...

4CVSS5.8AI score0.0011EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:11 p.m.3 views

GHSA-J989-F892-2335 ImageMagick: Memory Leak in wand option parser when providing invalid arguments

When providing invalid options to the wand option parser a small memory leak will occur...

4CVSS5.8AI score0.0011EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 10:11 p.m.3 views

GHSA-X8G9-H984-PC36 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

Summary pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of Pdf is the reachable sink: any value that passes isOptionUrl filtervar..., FILTERVALIDATEURL is...

6.5CVSS6AI score0.00242EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
Rows per page
Query Builder