Lucene search
K

28 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 12:2 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391.

Summary IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2026/04/18 10:5 a.m.207 views

Exploit for Improper Input Validation in Python

CVE-2023-24329 — Parser Differential Lab Educational use...

7.5CVSS7AI score0.20459EPSS
Exploits3
EUVD
EUVD
added 2026/04/13 4:35 p.m.6 views

EUVD-2026-22026

simple-git Affected by Command Execution via Option-Parsing Bypass...

9.8CVSS5.8AI score0.02712EPSS
Exploits2References4
OSV
OSV
added 2026/04/13 4:35 p.m.9 views

GHSA-JCXM-M3JX-F287 simple-git Affected by Command Execution via Option-Parsing Bypass

Summary simple-git enables running native Git commands from JavaScript. Some commands accept options that allow executing another command; because this is very dangerous, execution is denied unless the user explicitly allows it. This vulnerability allows a malicious actor who can control the...

8.1CVSS6.2AI score0.02712EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2026/04/10 7:28 p.m.10 views

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

Summary The AGUI endpoint POST /agui has no authentication and hardcodes Access-Control-Allow-Origin: on all responses. Combined with Starlette/FastAPI's Content-Type-agnostic JSON parsing, any website a victim visits can silently trigger arbitrary agent execution against a locally-running AGUI...

6.4AI score
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/02 10:30 a.m.22 views

CVE-2026-32145

CVE-2026-32145 affects gleam-wisp wisp. The multipart_body and multipart_headers code paths can bypass configured max_body_size and max_files_size, allowing an unauthenticated attacker to exhaust server memory or disk by sending arbitrarily large multipart form submissions in a single HTTP reques...

8.7CVSS5.9AI score0.00622EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/27 8:39 p.m.7 views

CVE-2026-33885 Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could be bypassed, allowing users to be redirected to external URLs after actions like form submissions an...

6.1CVSS5.7AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2026/02/16 7:49 a.m.8 views

USN-8025-2 dotnet8, dotnet10 vulnerability

USN 8025-1 fixed a vulnerability in .NET. This update provides the corresponding fix for Ubuntu 24.04 LTS. Original advisory details: Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An...

7.5CVSS5.8AI score0.01015EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 4:39 a.m.7 views

CVE-2026-2391 qs's arrayLimit bypass in comma parsing allows denial of service

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

6.3CVSS5.5AI score0.00478EPSS
Exploits1References2
NVD
NVD
added 2026/01/27 10:15 p.m.10 views

CVE-2026-24779

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

7.1CVSS0.00528EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/01/27 10:1 p.m.27 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

7.1CVSS0.00528EPSS
Exploits1References3
CVE
CVE
added 2026/01/27 10:1 p.m.24 views

CVE-2026-24779

CVE-2026-24779 is an SSRF vulnerability in vLLM’s MediaConnector. Before version 0.14.1, load_from_url and load_from_url_async fetch media from user-supplied URLs and validate via Python urllib urlparse, while the request is issued with requests/urllib3, whose parsing follows a different standard...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References14Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : python3.11-3.11.2-2.el9.1 (AXSA:2023-6031:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6031:01 advisory. python: urllib.parse url blocklisting bypass CVE-2023-24329 Tenable has extracted the preceding description block directly from the MiracleLinux security...

7.5CVSS7.6AI score0.20459EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2026/01/16 10:26 p.m.8 views

CVE-2026-1008

A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...

7.6CVSS5.6AI score0.00208EPSS
Exploits0References1
CVE
CVE
added 2026/01/15 10:24 p.m.26 views

CVE-2026-1008

CVE-2026-1008 describes a stored XSS in Altium 365 profile text fields due to insufficient server-side input sanitization. The vulnerability allows authenticated users to inject arbitrary HTML/JavaScript payloads using whitespace-based attribute parsing bypass techniques. The payload is persisted...

7.6CVSS5.2AI score0.00208EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 1:13 a.m.7 views

CVE-2025-64755 @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31...

8.7CVSS6.9AI score0.00403EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.4 views

Siemens SIMATIC S7-1500 Server-Side Request Forgery (SSRF) (CVE-2022-27780)

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a different URL usingthe wrong host name when it is later retrieved.For example, a URL like http://example.com%2F127.0.0.1/, would be allowed bythe parser and get...

7.5CVSS6.7AI score0.02187EPSS
Exploits1References4
Veracode
Veracode
added 2025/11/10 6:49 a.m.10 views

Parameter-parsing Bypass

Rack is vulnerable to a parameter-parsing Bypass. The vulnerability is due to Rack::QueryParser enforcing its paramslimit only for parameters separated by & while still splitting on both & and ;, which allows an attacker to bypass the parameter count limit by using ; separators to submit excessiv...

7.5CVSS6.4AI score0.00535EPSS
Exploits0References4Affected Software2
Amazon
Amazon
added 2025/07/10 12:0 a.m.5 views

Important: firefox

Issue Overview: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox or tag, potentially making a website vulnerable to a cross-site scripting attack. CVE-2025-6430 Affected Packages: firefox Note: This advisory is applicable to Amazon...

9.8CVSS6.2AI score0.03057EPSS
Exploits0
OSV
OSV
added 2024/03/29 11:7 a.m.2 views

OESA-2024-1334 mod_security security update

This software is also called Modsec,it is an open-source web application firewall. It is designed for Apache HTTP Server.ModSecurity is commonly deployed to provide protections against generic classed of vulnerabilities.The install of this package is easy and you can read the README.TXT for more...

7.5CVSS7AI score0.01169EPSS
Exploits0References2
Rows per page
Query Builder