Lucene search
K

54 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Versi...

5.9CVSS6.2AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying...

5.9CVSS6.1AI score0.0034EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51123

Name of the Vulnerable Software and Affected Versions Symfony UX versions 2.32.0 through 2.36.0 Symfony UX versions 3.0.0 through 3.1.9 Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. Due to improper validation in...

7.8CVSS6.1AI score0.00146EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/10 10:1 p.m.30 views

CVE-2026-47712 Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS0.00139EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.74 views

MikroORM 7.0.13 - SQL Injection

Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version: @mikro-orm/knex = 6.6.13 / @mikro-orm/sql = 7.0.13 Tested on: Docker / Debian Bookworm...

7.6CVSS5.8AI score0.01252EPSS
Exploits2
CVE
CVE
added 2026/05/28 2:24 p.m.36 views

CVE-2026-45017

CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/20 4:25 p.m.22 views

Important: Red Hat Security Advisory: rhc-worker-playbook security update

An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 3:38 p.m.10 views

GHSA-C656-JCX2-7PQJ zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00061EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.7 views

CVE-2026-42888

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 9:9 p.m.36 views

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

8.7CVSS0.00368EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 9:9 p.m.15 views

CVE-2026-43888

CVE-2026-43888 affects the Outline service prior to version 1.7.0. During ZIP extraction, ZipHelper.extract uses trimFileAndExt to compute the entry path; when a nested path plus the basename exceeds MAX_PATH_LENGTH (4096 bytes), directory components are silently dropped, yielding only a bare fil...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:33 p.m.8 views

GHSA-HG3H-G7XC-F7VP view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

Summary The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-rou...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References4
NVD
NVD
added 2026/05/06 9:16 p.m.8 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS0.00611EPSS
Exploits1References2
Amazon
Amazon
added 2026/04/14 12:0 a.m.10 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.00728EPSS
Exploits0
Amazon
Amazon
added 2026/04/14 12:0 a.m.15 views

Important: nerdctl

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.11 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-108 (ALASDOCKER-2026-108)

"The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-108 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On...

9.1CVSS7.1AI score0.01557EPSS
Exploits1References10
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Medium: yq

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

7.5CVSS7.2AI score0.00728EPSS
Exploits1
Amazon
Amazon
added 2026/04/13 12:0 a.m.22 views

Medium: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS7.3AI score0.00728EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-31994

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI is a multi-agent teams system. The cmd unpack function in the recipe CLI extracts .praison tar archives using tar.extract without validating archive member paths. A malicious .praison...

9.4CVSS5.9AI score0.00379EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006607 advisory. An issue was discovered in fs/iouring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount...

6.5CVSS6.8AI score0.00512EPSS
Exploits1References3
Rows per page
Query Builder