Lucene search
+L

3386 matches found

Github Security Blog
Github Security Blog
added 2026/06/23 6:13 p.m.11 views

mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 4:52 p.m.9 views

Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation

Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...

7CVSS5.9AI score0.00499EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-53090

Name of the Vulnerable Software and Affected Versions Nmap versions 7.0.0 through 7.99 Description An issue exists in the ipv6 get data primitive function libnetutil/netutil.cc where the IPv6 extension-header walk is not kept within the captured packet. This causes the pointer to advance past the...

6.9CVSS6.6AI score0.00278EPSS
Exploits0References10
NVD
NVD
added 2026/06/22 10:16 p.m.11 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-47240

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:17 p.m.50 views

CVE-2026-47240

Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a “raw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:17 p.m.25 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS0.00491EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 8:17 p.m.3 views

CVE-2026-47240 Net::IMAP: Command Injection via non-synchronizing literal in "raw" argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing...

5.8CVSS6AI score0.00491EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:11 p.m.5 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 8:11 p.m.30 views

CVE-2026-47241

Net::IMAP in Ruby (affected: before 0.6.5 and 0.5.15) validates CRLF but may send a user-controlled raw string verbatim, allowing a subsequent command to be absorbed as a continuation of the first. This can cause the first command to fail and block further responses until another command is issue...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.23 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 8:11 p.m.3 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:37 p.m.23 views

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

8.6CVSS6AI score0.00167EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:37 p.m.4 views

CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.8AI score0.00167EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/19 8:46 p.m.7 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the preamble decode loop in DuplexFramingMiddleware and SingletonFramingMiddleware, with the same end-of-stream handling issue in RawStream.ReadAsyncInternal. An attacker can keep a server connection open...

8.7CVSS5.8AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 10:13 a.m.4 views

OPENSUSE-SU-2026:21142-1 Security update for perl-Compress-Raw-Zlib

This update for perl-Compress-Raw-Zlib fixes the following issues: Changes in perl-Compress-Raw-Zlib: - updated to 2.222 see /usr/share/doc/packages/perl-Compress-Raw-Zlib/Changes 2.222 27 February 2026 Add SECURITY.md. Fixes 40 Fix spelling typos 2.221 27 February 2026 Merge remote-tracking bran...

9.8CVSS7.2AI score0.00548EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/19 4:31 a.m.13 views

EUVD-2026-37983

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.8 views

CVE-2026-9013

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogorestcreateposttranslation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt,...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References10
OSV
OSV
added 2026/06/18 2:28 p.m.28 views

GHSA-P6GQ-J5CR-W38F Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

Message-level raw option bypasses disableFileAccess / disableUrlAccess, enabling arbitrary file read and full-response SSRF in the sent message - Target: nodemailer/nodemailer, npm nodemailer v9.0.0 HEAD 4e58450eb490e5097a74b2b2cce35a8d9e21856e - Verdict: CONFIRMED local PoC, no network Summary...

7.1CVSS5.6AI score
Exploits0References2
Rows per page
Query Builder