Lucene search
K

1836 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 5 days ago14 views

How GitHub gave every repository a durable owner

GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...

6AI score
Exploits0
Snyk
Snyk
added 6 days ago5 views

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection via the createguardrail, updateguardrail, deleteguardrail, and patchguardrail handlers in the guardrails API. An attacker can upload or modify cust...

7.7CVSS6.3AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-59821

LiteLLM is a proxy/AI Gateway for LLM API calls. A vulnerability exists in production create/update paths of Custom Code Guardrails before version 1.82.0-stable, where sandboxing/validation was not applied consistently with the test endpoint, allowing a privileged user to submit custom Python cod...

7.2CVSS6AI score0.00288EPSS
Exploits0References3Affected Software1
OSV
OSV
added last week3 views

PYSEC-2026-1059 OpenStack Sushy-Tools and VirtualBMC Improper Preservation of Permissions

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

5.5CVSS6AI score0.0022EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/03 11:3 a.m.10 views

CVE-2026-38969

A flaw was found in WEBrick, a Ruby web server toolkit. This vulnerability allows a remote attacker to perform request smuggling by manipulating the Content-Length header in HTTP/1.1 requests. WEBrick incorrectly re-parses the trailer Content-Length, leading to a desynchronization between the pro...

7.5CVSS5.9AI score0.00352EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 7:3 p.m.3 views

GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state

Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...

6.9CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.11 views

CVE-2026-50229

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting XSS, allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to...

6.1CVSS5.8AI score0.00455EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/29 5:2 a.m.9 views

CVE-2026-49356

A flaw was found in @babel/core. This vulnerability allows an attacker, who controls the input source code and can read the output, to perform an arbitrary file read. By compiling maliciously crafted code containing a sourceMappingURL comment, the attacker can read any source map file from the...

3.6CVSS6AI score0.00116EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:56 p.m.4 views

GHSA-3P34-W4F6-5XH2 better-helperjs Vulnerable to Directory Traversal via String Prefix Bypass in Static Server

Summary A directory traversal vulnerability exists in the production static file server of better-helperjs = 3.0.5. Attackers can read arbitrary files located in adjacent directory structures that share the same string prefix as the intended static root directory. Details The framework utilizes a...

7.5CVSS5.9AI score
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/06/25 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-12569

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.8CVSS6.5AI score0.01247EPSS
In wildExploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38813

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

5.8AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52945

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

7.5CVSS0.00307EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 4:26 p.m.2 views

CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51839

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.15 and 6.1 Description An issue exists in the WireGuard driver where the decryption side can stop working completely for a specific peer under heavy networking load. This occurs when the system is under pressure and the...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References13
NVD
NVD
added 2026/06/22 11:16 p.m.14 views

CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS0.00304EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/22 12:27 p.m.10 views

CVE-2026-33245

A flaw was found in React Router. This vulnerability, a type of Cross-Site Scripting XSS, affects applications utilizing React Router's unstable React Server Components RSC APIs. A remote attacker could exploit this by sending untrusted redirects, leading to the execution of malicious scripts in...

8CVSS6AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51418

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.1 Description vLLM is an inference and serving engine for large language models. The Dockerfile is susceptible to a dependency confusion attack involving the flashinfer-jit-cache package. This occurs because the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

The following vulnerability has been resolved in the Linux kernel: btrfs: fixed an issue with the tree mod log handling of reallocated nodes. We have observed the following panics in production: - Kernel bug at fs/btrfs/tree-mod-log.c:677! - Invalid opcode: 0000 1 SMP - RIP:...

5.5CVSS6.3AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder