Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52182

Name of the Vulnerable Software and Affected Versions OliveTin affected versions not specified Description The filterToDefinedArgumentsOnly function in the executor fails to properly restrict arguments, allowing any argument starting with the ot prefix to bypass input filtering. While the system ...

4.3CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-50078

Name of the Vulnerable Software and Affected Versions LangGraph Python SDK versions prior to 0.3.15 Description Unsafe URL path construction occurs due to unsanitized caller-supplied identifier values used in HTTP request paths for resource operations. Identifiers containing characters with speci...

4.2CVSS5.9AI score0.00216EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/20 3:2 a.m.9 views

SUSE CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6AI score0.00484EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.12 views

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/04/21 7:34 p.m.36 views

CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

8.7CVSS0.00439EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/30 2:12 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities. This allows an attacker to bypass...

6.1CVSS5.9AI score0.00287EPSS
Exploits0References2
OSV
OSV
added 2026/03/13 9:11 a.m.9 views

EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/14 7:25 p.m.7 views

CVE-2025-68949

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...

5.3CVSS6.5AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder