Lucene search
+L

387 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-15449

A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...

5.8CVSS0.00084EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-55576

The CVE-2026-55576 entry concerns MaaAssistantArknights. In the dev-v2 workflow, the string from github.event.pull_request.title was inlined into a run: shell command in .github/workflows/release-preparation.yml for PRs opened, reopened, or ready_for_review. A non-draft fork PR with a title start...

8.8CVSS6.2AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2025-210472

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, in the interaction model command processing logic. When an InvokeCommandRequest is sent to a nonexistent endpoint and cluster e.g., 0x34, the code incorrectly treats the endpoint as valid due to missing...

7.5CVSS6.1AI score0.0035EPSS
Exploits1References4
NVD
NVD
added 2026/07/06 1:16 a.m.9 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS0.00228EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 6:30 a.m.22 views

CVE-2026-13543

Documenso (up to v2.11.0) is affected by a vulnerability in the Google OAuth Login flow. The issue resides in the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts and is triggered by manipulation of the OAuth callback URL, leading to improper authentication. The flaw can be exploi...

6.3CVSS5.6AI score0.00364EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 4:17 p.m.14 views

CVE-2026-56696

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.4CVSS0.00216EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 3:36 p.m.3 views

CVE-2026-56696 OpenHarness - Prompt Injection via /issue and /pr_comments Slash Commands

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.3CVSS6AI score0.00216EPSS
Exploits0References6
OSV
OSV
added 2026/06/04 3:52 p.m.8 views

MINI-W329-PR28-V44X

Bulletin has no description...

5.3CVSS5.2AI score0.0037EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/04 12:30 p.m.46 views

CVE-2026-10807 mjperpinosa stumasy change_profile_image.php unrestricted upload

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/04 12:30 p.m.12 views

EUVD-2026-34253

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...

6.5CVSS5.6AI score0.00209EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/02 1:30 a.m.12 views

CVE-2026-10565 Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00224EPSS
Exploits0References8
CVE
CVE
added 2026/05/26 3:49 p.m.25 views

CVE-2026-44723

CVE-2026-44723 affects Vowpal Wabbit. The issue arises in the GitHub workflow .github/workflows/python_checks.yml where the PR title ({{ github.event.pull_request.title }}) is directly embedded inside double-quoted bash strings in four steps across four jobs, passing it as a CLI argument to run_t...

9.9CVSS6.1AI score0.00469EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43379

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

5.1CVSS5.2AI score0.00219EPSS
Exploits0References6
NVD
NVD
added 2026/05/22 11:16 a.m.12 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 10:25 a.m.6 views

CVE-2026-4646 Insufficient input validation in GitHub plugin API causes denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42748

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Insufficient input validation in the GitHub plugin API request handlers allows an authenticated attacker to cause a denial of...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/18 12:31 a.m.15 views

EUVD-2026-30714

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

5CVSS5AI score0.04261EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/17 10:30 p.m.8 views

CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

5CVSS5.2AI score0.04261EPSS
Exploits1References4
CVE
CVE
added 2026/05/17 10:30 p.m.28 views

CVE-2026-8767

CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...

7.5CVSS5.2AI score0.04261EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder