Lucene search
K

164 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43277

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
CVE
CVE
added 2026/06/18 9:18 p.m.24 views

CVE-2026-8100

CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...

9.4CVSS5.2AI score0.00401EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 3:34 p.m.5 views

SUSE-SU-2026:2400-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...

9.9CVSS7.8AI score0.01557EPSS
Exploits3References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-9550

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

7.5CVSS6.8AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:24 a.m.35 views

CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

0.00114EPSS
Exploits0References8
OSV
OSV
added 2026/05/09 10:58 a.m.2 views

CVE-2026-8187 Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

6.9CVSS5.8AI score0.00635EPSS
Exploits1References7
OSV
OSV
added 2026/05/05 7:53 p.m.20 views

GHSA-CW26-7653-2RP5 exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 3:14 p.m.17 views

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...

9.8CVSS7.7AI score0.01557EPSS
Exploits6Affected Software1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability stems from the saveexpired...

5.8CVSS5.9AI score0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch...

5.5AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:17 a.m.5 views

CVE-2026-34488

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges...

7.3CVSS6AI score0.00144EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31280

Summary A path handling inconsistency in serveStatic allows protected static files to be accessed by using repeated slashes // in the request path. When route-based middleware e.g., /admin/ is used for authorization, the router may not match paths containing repeated slashes, while serveStatic...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

Electron 代码问题漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There were code-related vulnerabilities in...

7.8CVSS5.9AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 1:56 a.m.66 views

CVE-2026-34054

The CVE-2026-34054 issue affects vcpkg’s Windows OpenSSL builds, where openssldir was set from the build machine. This exposed a path on customer machines that could be attackable. The vulnerability is addressed in vcpkg 3.6.1#3. Affected component: OpenSSL builds within vcpkg’s Windows workflow;...

7.8CVSS5.8AI score0.00715EPSS
Exploits0References3
NVD
NVD
added 2026/03/26 6:16 p.m.8 views

CVE-2026-33490

H3 is a minimal HTTP framework. In versions 2.0.0-0 through 2.0.1-rc.16, the mount method in h3 uses a simple startsWith check to determine whether incoming requests fall under a mounted sub-application's path prefix. Because this check does not verify a path segment boundary i.e., that the next...

5.3CVSS0.00239EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/23 8:25 p.m.4 views

CVE-2026-23482

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the file server endpoint does not perform permission checks on the temp/ path and does not filter path traversal sequences, allowing unauthorized attackers to read arbitrary files on the server. When scheduled backup tasks...

8.2CVSS5.8AI score0.01523EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.11 views

PT-2026-26303

Name of the Vulnerable Software and Affected Versions Salvo versions 0.39.0 through 0.89.2 Description Salvo, a Rust web framework, contains a Path Traversal and Access Control Bypass issue within its salvo-proxy component. An unauthenticated attacker can bypass proxy routing constraints and acce...

7.5CVSS6AI score0.00565EPSS
Exploits1References11
EUVD
EUVD
added 2026/03/18 6:31 p.m.8 views

EUVD-2026-12913

In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow actct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier 1: "Since the blamed commit below, classify can return TCACTCONSUMED while the current skb being held by the defragmentation...

5.7AI score0.00123EPSS
Exploits0References5
NVD
NVD
added 2026/03/12 12:16 a.m.7 views

CVE-2026-3966

A vulnerability was detected in 648540858 wvp-GB28181-pro up to 2.7.4-20260107. Affected by this vulnerability is the function getDownloadFilePath of the file /src/main/java/com/genersoft/iot/vmp/media/abl/ABLMediaNodeServerService.java of the component IP Address Handler. The manipulation of the...

6.5CVSS0.00206EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/09 12:30 a.m.7 views

EUVD-2026-10277

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack...

7.3CVSS6.7AI score0.00166EPSS
Exploits0References5
Rows per page
Query Builder