Lucene search
K

1059 matches found

OSV
OSV
added 10 hours ago22 views

ROOT-APP-PYPI-CVE-2026-34518 CVE-2026-34518 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34518 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00337EPSS
Exploits0
CVE
CVE
added 13 hours ago14 views

CVE-2026-59674

CVE-2026-59674 affects openSUSE Tumbleweed surfacing a local privilege escalation in suricata packaging due to a symlink follow vulnerability in the post-install script. Connected details indicate the issue involves the libsuricata8 package (version 8.0.5-2.1 and earlier) and is fixed in 8.0.5-2....

8.5CVSS6.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago7 views

Important: Red Hat Security Advisory: tomcat9 security, bug fix, and enhancement update

An update for tomcat9 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS6.2AI score0.21691EPSS
Exploits6References4
Fedora
Fedora
added 6 days ago6 views

[SECURITY] Fedora 44 Update: helm-4.2.2-1.fc44

Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Use Helm to: - Find and use popular software packaged as Helm Charts to run in Kubernetes - Share your own applications as Helm Charts - Create reproducible builds of your Kubernetes applications -...

8.6CVSS7.1AI score0.00178EPSS
Exploits3
OSV
OSV
added 2026/07/01 6:9 p.m.4 views

SUSE-SU-2026:2723-1 Security update for python311

This update for python311 fixes the following issues: Security issues fixed: - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. Other updates and bugfixes: - Rewrite structure of Python interpreter packages...

6CVSS5.9AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 11:4 p.m.8 views

MAL-2026-6424 Malicious code in leo-connector-mongo (npm)

The leo-connector-mongo npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/15 2:28 p.m.4 views

SUSE-SU-2026:22128-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific location. 608 Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump...

9.1CVSS6.4AI score0.01557EPSS
Exploits1References18
OSV
OSV
added 2026/06/12 8:44 a.m.3 views

SUSE-SU-2026:22133-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update dependencies and go version to 1.26.2 607 bsc1265762, CVE-2026-33814 Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 604 bsc1260264, CVE-2026-33186 Backport oslogin changes for sles16 to...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References18
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.18 views

AWS Cloud Development Kit 操作系统命令注入漏洞

AWS Cloud Development Kit is an open-source software development framework developed by Amazon Web Services. It is used to define cloud infrastructure in code and configure it using AWS CloudFormation. Versions of the AWS Cloud Development Kit prior to 2.245.0 contained a vulnerability related to...

7.3CVSS5.8AI score0.00936EPSS
Exploits1References1
OSV
OSV
added 2026/06/04 11:43 a.m.18 views

ROOT-APP-PYPI-CVE-2026-41481 CVE-2026-41481 in rootio-langchain-text-splitters - Patched by Root

Root has patched CVE-2026-41481 in the rootio-langchain-text-splitters package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.8AI score0.0026EPSS
Exploits0
OSV
OSV
added 2026/06/03 7:5 p.m.7 views

ROOT-APP-PYPI-CVE-2026-32874 CVE-2026-32874 in rootio-ujson - Patched by Root

Root has patched CVE-2026-32874 in the rootio-ujson package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00479EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/06/03 1:58 p.m.8 views

Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: prometheus-postgresexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: Security Fixes: CVE-2022-21698: Fixed denial of service using InstrumentHandlerCount...

7.5CVSS7.2AI score0.05994EPSS
Exploits0References20
OSV
OSV
added 2026/06/03 1:58 p.m.8 views

SUSE-SU-2026:2241-1 Security update 5.0.8 for Multi-Linux Manager Client Tools

This update fixes the following issues: prometheus-postgresexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using InstrumentHandlerCounter bsc1248699 golang-github-QubitProducts-exporterexporter: - Security Fixes: - CVE-2022-21698: Fixed denial of service using...

7.5CVSS5.8AI score0.05994EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.6 views

The vulnerability of the gf_odf_ac4_cfg_dsi_v1() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to cause a service failure.

The vulnerability of the gfodfac4cfgdsiv1 function, implemented by the MP4Box component of the GPAC multimedia platform, is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.2 views

The vulnerability of the dasher_process() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to trigger a service failure.

The vulnerability of the dasherprocess function in the MP4Box packaging tool of the GPAC multimedia platform relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.4 views

The vulnerability of the m2tsdmx_send_packet() function in the MP4Box packaging tool of the GPAC platform allows a hacker to cause a service failure.

The vulnerability of the m2tsdmxsendpacket function in the MP4Box packaging tool of the GPAC multimedia platform is related to a buffer overflow in the dynamic memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.2AI score0.00158EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/06/03 12:0 a.m.6 views

The vulnerability of the gf_isom_apple_set_tag_ex() function in the MP4Box packaging tool of the GPAC multimedia platform allows a hacker to trigger a service failure.

The vulnerability of the gfisomapplesettagex function in the MP4Box packaging tool of the GPAC multimedia platform is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References7Affected Software2
CVE
CVE
added 2026/06/02 1:41 p.m.38 views

CVE-2026-42795

Gleam: Symlink following in Hex package export vulnerability (CVE-2026-42795) allows embedding files outside the project root into the generated Hex package. Root cause: file collection in compiler-cli/src/fs.rs uses follow_links(true) for publishable directories (e.g., src/, priv/) and add_path_...

5.1CVSS5.9AI score0.00132EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45756

Name of the Vulnerable Software and Affected Versions Gleam versions 0.10.0-rc1 through 1.17.0 Description A symlink following issue in the Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers gleam files, native...

5.1CVSS5.6AI score0.00132EPSS
Exploits0References15
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.75 views

PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration

The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index PyPI, while also building evasive, cross-platform malicious binaries compiled from source code written in Python...

6AI score
Exploits0
Rows per page
Query Builder