Lucene search
K

1207 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43079

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

6.1AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15084

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-15084 UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

0.00274EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-15084

The issue is a Stored XSS in Drupal UI Patterns (SDC in Drupal UI) caused by insufficient sanitization in versions 2.0.0–2.0.17. An attacker must have permissions to create/update content rendered by UI Patterns. Remediation: upgrade to a version later than 2.0.17.

5.4CVSS6.1AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42656

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminalexecute, obtain...

10CVSS6AI score0.00442EPSS
Exploits0References4
Snyk
Snyk
added 6 days ago3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches, matchesFull, and replaceMatches functions in FHIRPath expression evaluation. An attacker can exhaust system CPU resources by submitting specially crafted regular expressions th...

8.7CVSS6AI score
Exploits0References2
Schneier on Security
Schneier on Security
added 6 days ago11 views

The Language of AI Could Change How Humans Speak

Because of the way they are trained, large language models capture only a slice of human language. They're trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we...

5.9AI score
Exploits0
OSV
OSV
added last week4 views

DRUPAL-CONTRIB-2026-075

This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...

5.4CVSS6AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.19 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00274EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:39 p.m.4 views

GHSA-6XC5-4R68-67FC Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59094

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55461

Name of the Vulnerable Software and Affected Versions langroid versions prior to 0.64.0 Description The SQLChatAgent in langroid implements a defense-in-depth layer via the validate query method, which uses a regex blocklist DANGEROUS SQL PATTERNS to prevent the execution of dangerous SQL...

8.7CVSS6.3AI score0.00686EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.11 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service ReDoS vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

7.5CVSS5.8AI score0.00321EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while t...

5.5CVSS6.1AI score0.00107EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/27 7:12 p.m.14 views

Malicious code in ts-ankle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5 On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

5.8AI score
Exploits0References2
Patchstack
Patchstack
added 2026/06/24 2:50 p.m.6 views

WordPress Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin <= 6.1.4 - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Page Builder for Gutenberg Blocks & Patterns plugin = 6.1.4 - Page Builder for Gutenberg Blocks & Patterns = 6.1.4 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Viet Anh Ngo in WordPress Plugin Essential Blocks for Gutenberg versions = 6.1.4...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 4:11 p.m.7 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/22 7:17 p.m.10 views

CVE-2026-54300

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 7:17 p.m.13 views

CVE-2026-55443

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 5:30 p.m.32 views

CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS0.00187EPSS
Exploits0References1
Rows per page
Query Builder