
161065 matches found

ATTACKERKB
added 2026/06/19 4:59 p.m. | 12 views

CVE-2026-49260

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with is_executable. On POSIX...

CVSS 8.2 | AI score 5.9 | EPSS 0.00154
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2026/06/19 3:46 p.m. | 9 views

CVE-2026-41568

A flaw was found in the Moby container framework. A race condition during the docker cp mount setup allows a malicious container to create empty files or directories at arbitrary locations on the host filesystem. This vulnerability can lead to a denial of service by filling up disk space or...

CVSS 6.1 | AI score 5.9 | EPSS 0.00108
Exploits: 0 | References: 4
OSV
added 2026/06/19 3:11 p.m. | 8 views

GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...

CVSS 5.1 | AI score 5.9
Exploits: 0 | References: 5
OSV
added 2026/06/19 3:00 p.m. | 5 views

GHSA-2H46-9X5W-4WF7 Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact: A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

CVSS 6.2 | AI score 6.1
Exploits: 0 | References: 4
OSV
added 2026/06/19 2:35 p.m. | 6 views

GHSA-VM85-HXW5-5432 guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

Impact: guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled data into one of those fields and later serialized the PSR-7 message as raw HTTP/1.x...

CVSS 4.8 | AI score 5.8 | EPSS 0.00158
Exploits: 0 | References: 2
EUVD
added 2026/06/19 2:34 p.m. | 9 views

EUVD-2026-37758

undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching...

CVSS 3.7 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 3
Github Security Blog
added 2026/06/19 2:20 p.m. | 9 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

CVSS 8.8 | AI score 6.4 | EPSS 0.00277
Exploits: 0 | References: 5 | Affected Software: 1
Microsoft CVE
added 2026/06/19 2:00 p.m. | 8 views

Chromium: CVE-2026-12464 Use after free in Browser

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.3 | AI score 5.8 | EPSS 0.00222
Exploits: 0
OSV
added 2026/06/19 1:11 p.m. | 5 views

ROOT-OS-DEBIAN-11-CVE-2023-34152 CVE-2023-34152 in rootio-imagemagick - Patched by Root

Root has patched CVE-2023-34152 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

CVSS 9.8 | AI score 5.4 | EPSS 0.08011
Exploits: 3
AstraLinux
added 2026/06/19 11:10 a.m. | 22 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization. The referenced commit moved the idr initialization too early in fl_change, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...

AI score 5.2 | EPSS 0.00155
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Git

Git is an open-source distributed revision control system. In affected versions of Git, a specially crafted repository containing symbolic links and files processed by clean/smudge filters like Git LFS may cause a just-checked-out script to be executed when cloning to a case-insensitive file syst...

CVSS 8 | AI score 7 | EPSS 0.88644
Exploits: 5 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 0 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: sched: Disallow replacing of child qdisc from one parent to another. Lion Ackermann was able to create a Use-after-Allocation UAF that can be exploited for privilege escalation using the following scripts: Step 1: Create ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00218
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fixed handling of PTE markers in hugetlb_change_protection. The patch series “mm/hugetlb: uffd-wp fixes for hugetlb_change_protection”. While testing virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I...

CVSS 5.5 | AI score 6 | EPSS 0.0015
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Audit: Added fchmodat2 to the “change attributes” class. fchmodat2, introduced in version 6.6, is currently not included in the “change attributes” class of audit. Calling fchmodat2 to change a file’s attributes in the same way a...

CVSS 5.5 | AI score 5.3 | EPSS 0.00124
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in jqueryui

jQuery UI is a collection of user interface interactions, effects, widgets, and themes built upon jQuery. Versions prior to 1.13.2 may be vulnerable to cross-site scripting attacks. Initializing a checkboxradio widget within an input enclosed within a label can cause the content of that parent...

CVSS 6.1 | AI score 6.3 | EPSS 0.01933
Exploits: 1 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet; mtk_eth_soc: fixed the issue of PPE hanging. A patch to resolve this issue was found in MediaTek’s GPL-licensed SDK. In the mtk_ppe_stop function, the PPE scan mode is not disabled before disabling the PPE. This...

CVSS 5.5 | AI score 5.6 | EPSS 0.00223
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that rely on FreeRDP before version 3.5.1 are vulnerable to out-of-bounds read attacks if nWidth == 0 and nHeight == 0. Version 3.5.1 includes a patch for this issue. There are no known workarounds available...

CVSS 9.8 | AI score 7.2 | EPSS 0.01193
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.2.6 has a denial-of-service vulnerability when it parses an XML document with many tags in an attribute value. Users who need to parse untrusted XMLs may be affected by this vulnerability. The REXML gem version 3.2.7 or later includ...

CVSS 5.3 | AI score 6.5 | EPSS 0.02064
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem version 3.3.2 has a DoS vulnerability when it parses an XML document that contains many entity expansions using SAX2 or the pull parser API. The REXML gem versions 3.3.3 and later include a patch to fix this vulnerability...

CVSS 7.5 | AI score 6.5 | EPSS 0.01192
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, deleting offscreen bitmaps caused gdi-drawing to point to freed memory, leading to UAF when related update packets arrived. A malicious server could trigger client-side use after the objects were freed,...

CVSS 9.8 | AI score 5.9 | EPSS 0.00402
Exploits: 1 | References: 2