Lucene search
K

1143 matches found

EUVD
EUVD
added 2026/06/22 3:38 p.m.7 views

EUVD-2026-38291

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.9AI score0.00239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-55748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some...

6CVSS5.8AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution

The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...

9.8CVSS6AI score0.00701EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:35 p.m.12 views

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.3AI score0.0019EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/17 2:12 p.m.29 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 2:12 p.m.9 views

EUVD-2026-37723

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.4AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 2:12 p.m.11 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the processing of crafted project names containing shell metacharacters during the generation of OpenStack RC files. An attacker can access sensitive information or modify data by tricking a highly privileged user...

7.3CVSS6AI score0.0019EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 2:12 p.m.7 views

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

6CVSS5.3AI score0.0019EPSS
Exploits0
OSV
OSV
added 2026/06/16 11:39 p.m.6 views

GHSA-QW24-GH76-8RVV Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix

Summary rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: text /remote:path/object The remote value is parsed from the URL and passed to normal backend initialization. Inline remote configuration can set backend options that execute local commands during...

9.8CVSS6.1AI score0.00701EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:55 p.m.13 views

Malicious code in @wacrot/infra-data-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1568dfa61d19a63f6837c4a8c9b5d728401d0f34c87ce3550af594c141a94ac1 On any require or import of @wacrot/infra-data-kit, src/index.js invokes addSupport at module top level, which spawns a detached bash -c 'curl -fsSL...

5.4AI score
Exploits0References8
NVD
NVD
added 2026/06/09 5:16 a.m.14 views

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS0.00124EPSS
Exploits0References8
OSV
OSV
added 2026/06/09 5:16 a.m.11 views

UBUNTU-CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/09 3:15 a.m.36 views

CVE-2026-11623 tmux image.c image_free use after free

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS0.00124EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/09 3:15 a.m.9 views

CVE-2026-11623 tmux image.c image_free use after free

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/09 3:15 a.m.13 views

EUVD-2026-35297

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References8
CVE
CVE
added 2026/06/09 3:15 a.m.40 views

CVE-2026-11623

CVE-2026-11623 affects tmux up to 3.6a. The vulnerability lies in the image_free function in image.c, resulting in a use‑after‑free. Exploitation requires local access and is described as high complexity, with public disclosure of exploits. A fix is available in tmux 3.7-rc; patch hash fc6d94a9f8...

4.5CVSS4.6AI score0.00124EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47640

Name of the Vulnerable Software and Affected Versions tmux versions prior to 3.7-rc Description A use after free issue exists in the image free function within the image.c file. This flaw requires local access to exploit and is characterized by high complexity and difficult exploitability...

4.5CVSS4.7AI score0.00124EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-11623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free...

4.5CVSS5.1AI score0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

WordPress plugin AJAX Report Comments 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 9:0 a.m.7 views

CVE-2026-11500

A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API Key Handler. The manipulation of the argument StaticApiKey leads to authorization bypass. It is...

5CVSS4.9AI score0.00281EPSS
Exploits0References8
Rows per page
Query Builder