Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1707 matches found

EUVD
EUVDadded 2026/02/28 2:46 a.m.3 views

EUVD-2026-9070

pypdf: Manipulated RunLengthDecode streams can exhaust RAM...

6.9CVSS5.9AI score0.00423EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/02/28 2:46 a.m.9 views

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References6Affected Software1
CVE
CVEadded 2026/02/27 8:59 p.m.14 views

CVE-2026-28351

CVE-2026-28351 affects pypdf before 6.7.4. An attacker can craft a PDF using a RunLengthDecode content stream to cause excessive memory usage during parsing. Root cause: improper handling of RunLengthDecode in content streams. Impact: potential high memory consumption with low exploit complexity;...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/02/27 8:59 p.m.3 views

CVE-2026-28351 Manipulated RunLengthDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/02/27 4:13 a.m.6 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS5.8AI score0.00786EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/02/27 4:13 a.m.6 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.5AI score0.00395EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/02/26 10:34 p.m.5 views

CVE-2026-27701

LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...

8.8CVSS5.8AI score0.0025EPSS
Exploits0References1
OSV
OSVadded 2026/02/26 3:16 p.m.7 views

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.4CVSS5.6AI score0.00287EPSS
Exploits0References5
NVD
NVDadded 2026/02/26 2:16 a.m.10 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
OSV
OSVadded 2026/02/26 1:17 a.m.5 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.7AI score0.00395EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/02/26 1:17 a.m.21 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS0.00395EPSS
Exploits1References2
EUVD
EUVDadded 2026/02/26 1:17 a.m.4 views

EUVD-2026-8804

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/02/26 1:17 a.m.7 views

CVE-2026-27941

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pullrequesttarget event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/02/26 1:17 a.m.14 views

CVE-2026-27941

OpenLIT prior to v1.37.1 used GitHub Actions workflows that employed pull_request_target to check out and run untrusted code from forks. This created a risk where workflows executed with the security context of the base repository, including a write-privileged GITHUB_TOKEN and sensitive secrets (...

9.9CVSS5.6AI score0.00395EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/02/26 1:10 a.m.1 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS6.1AI score0.00786EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/02/26 1:10 a.m.23 views

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS0.00786EPSS
Exploits0References2
EUVD
EUVDadded 2026/02/26 1:10 a.m.5 views

EUVD-2026-8803

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS5.9AI score0.00786EPSS
Exploits0References2
CVE
CVEadded 2026/02/26 1:10 a.m.16 views

CVE-2026-27938

The CVE-2026-27938 entry documents a command injection flaw in the WPGraphQL repository (wp-graphql/wp-graphql) prior to version 2.9.1, stemming from an unsafe use of ${{ github.event.pull_request.body }} inside the release.yml shell run block. When a PR from develop to master is merged, the PR b...

7.7CVSS5.9AI score0.00786EPSS
Exploits0References2
OSV
OSVadded 2026/02/26 1:10 a.m.8 views

CVE-2026-27938 WPGraphQL Repo Vulnerable to Command Injection via Unsanitized GitHub Actions Expression in Release Workflow

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of $ github.event.pullrequest.body inside a run: shell block. When a pull request...

7.7CVSS6AI score0.00786EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/02/26 12:0 a.m.6 views

PT-2026-22080

Name of the Vulnerable Software and Affected Versions WPGraphQL versions prior to 2.9.1 Description The WPGraphQL software includes a GraphQL API for WordPress sites. A GitHub Actions workflow file release.yml in the wp-graphql/wp-graphql repository is susceptible to OS command injection. This...

7.7CVSS6.2AI score0.00786EPSS
Exploits0References8
Rows per page
Query Builder