Lucene search
K

4386 matches found

OSV
OSV
added 2026/02/23 10:10 p.m.3 views

GHSA-299V-8PQ9-5GJQ New API has Potential XSS in its MarkdownRenderer component

Summary A potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Details Line 212-231 of MarkdownRenderer.jsx is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can...

7.6CVSS5.5AI score0.00222EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/20 1:54 a.m.27 views

CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

9.3CVSS0.0052EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.5 views

Arc2Morph: Identity-Preserving Facial Morphing with Arc2Face

Face morphing attacks are widely recognized as one of the most challenging threats to face recognition systems used in electronic identity documents. These attacks exploit a critical vulnerability in passport enrollment procedures adopted by many countries, where the facial image is often acquire...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/13 12:0 a.m.5 views

Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents

Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...

5.6AI score
Exploits0
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.6 views

Nsasoft NetShareWatcher 安全漏洞

Nsasoft NetShareWatcher is a security auditing tool developed by the US company Nsasoft. Version 1.5.8.0 of Nsasoft NetShareWatcher contains a security vulnerability. This vulnerability stems from a buffer overflow in the registration name input field, which may cause the application to crash...

7.5CVSS6AI score0.00345EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/10 7:33 a.m.6 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.4AI score0.00204EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/09 1:41 a.m.6 views

freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution.

A flaw was found in FreeRDP. A malicious server can exploit an out-of-bounds read/write vulnerability in the ClearCodec component by sending crafted RDPGFX surface updates. This can trigger a client-side heap buffer overflow, leading to a crash Denial of Service DoS and potential heap corruption...

9.8CVSS6AI score0.00443EPSS
Exploits1References7
EUVD
EUVD
added 2026/02/04 9:38 p.m.6 views

EUVD-2023-48034

EVE Doesn't Protect Config Partition with Measured Boot...

8.8CVSS8AI score0.00161EPSS
Exploits0References4
OSV
OSV
added 2026/02/04 9:15 p.m.5 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.152 views

Ntopng Authentication Bypass

Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng = 4.2 id: CVE-2021-28073 info: name: Ntopng Authentication Bypass author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass...

9.8CVSS9.2AI score0.14195EPSS
Exploits1References3
CVE
CVE
added 2026/02/03 5:48 p.m.16 views

CVE-2025-52626

Affected product : HCL AION (AI lifecycle management platform). Vulnerability : Command injection vulnerability that can be exploited to execute arbitrary commands on the underlying system. Root cause / context : Descriptions indicate a command injection issue in HCL AION; specific technical root...

9.8CVSS5.5AI score0.00583EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 5:42 p.m.8 views

Compressing Vulnerable to Arbitrary File Write via Symlink Extraction

Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...

8.4CVSS5.8AI score0.00334EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37025 Port Forwarding Wizard 4.8.0 - Buffer Overflow

Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on...

8.4CVSS6.3AI score0.00157EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.5 views

EUVD-2020-30906

Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an infinite malloc loop and potentially crash th...

8.4CVSS5.9AI score0.00411EPSS
Exploits0References4
OSV
OSV
added 2026/01/27 3:15 p.m.5 views

AZL-76545 CVE-2026-1489 affecting package glib 2.78.6-7

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...

5.4CVSS5.8AI score0.00325EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.5 views

RHEL 9 : gnupg2 (RHSA-2026:1230)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1230 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...

7.8CVSS6.3AI score0.00129EPSS
Exploits1References4
NVD
NVD
added 2026/01/20 10:16 p.m.12 views

CVE-2026-21987

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS0.00196EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:16 p.m.10 views

UBUNTU-CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

8.2CVSS5.8AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/01/20 10:15 p.m.5 views

CVE-2026-21957

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

7.5CVSS5.8AI score0.00212EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/20 6:13 a.m.6 views

Malicious code in webmd-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5693e1af021faa1bcf410e9bdf757b9deebbae4505daa969275ef365e719227 The package webmd-debug was found to contain malicious code. Source: ghsa-malware b74e0fa5da459a8e2a346f0ad74dcf61ebdf972a7840b7f61292e46ea5aa58db An...

5.5AI score
Exploits0References1
Rows per page
Query Builder