Lucene search
K

78 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-54771

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

DEBIAN-CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:17 p.m.24 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS0.00491EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:22 p.m.10 views

EUVD-2026-36584

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 6:36 p.m.19 views

GHSA-8P34-64R3-MWG8 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48340

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.6.5 Net::IMAP versions prior to 0.5.15 Description Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Certain commands accept a raw data argument that is sent verbatim after...

5.8CVSS6AI score0.00491EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48341

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.5.15 Net::IMAP versions prior to 0.6.5 Description Several commands in the Net::IMAP Ruby client accept raw string arguments that are only validated to prevent CRLF injection and are then sent verbatim. An incorre...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References7
RubySec
RubySec
added 2026/06/09 12:0 a.m.12 views

Net::IMAP: Denial of Service via incomplete raw argument validation

Summary Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled input, an attacker can force the next command to be absorbed as a continuation of the first command. This will...

2.1CVSS5.7AI score0.00239EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/06/09 12:0 a.m.11 views

Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing literals. Details Raw...

5.8CVSS5.7AI score0.00491EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/05 4:42 p.m.9 views

GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

7.5CVSS5.5AI score0.00058EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:42 p.m.16 views

Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

5.5AI score0.00058EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-48345

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

7.5CVSS5.5AI score0.00058EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/19 10:44 a.m.9 views

CVE-2026-43492

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl Yiming reports an integer underflow in mpireadrawfromsgl when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy...

5.5CVSS5.8AI score0.00149EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/04 10:4 p.m.10 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

9.8CVSS5.6AI score0.00429EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-37049

Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description Several commands in the Net::IMAP Ruby library accept raw string arguments that are sent to the server without validation or...

9.8CVSS5.9AI score0.00813EPSS
Exploits0References33
RubySec
RubySec
added 2026/05/04 12:0 a.m.12 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

9.8CVSS5.9AI score0.00429EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-34746

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 8:7 p.m.3 views

GHSA-VV3X-J2X5-36JC Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with...

7.3CVSS5.5AI score0.00296EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/18 8:7 p.m.5 views

Filament Unvalidated Range and Values summarizer values can be used for XSS

Two Table summarizers Range, Values render raw database values without escaping HTML. If there is a lack of validation for the data in the columns that use these summarizers, an attacker could plant malicious HTML / JavaScript and achieve stored XSS that executes for users who view the table with...

7.3CVSS5.5AI score0.00296EPSS
Exploits0References6Affected Software1
Redos
Redos
added 2026/01/13 12:0 a.m.5 views

ROS-20260113-7352

A vulnerability in the decryptrawdata function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...

7.8CVSS6.5AI score0.00231EPSS
Exploits0
Rows per page
Query Builder