Lucene search
+L

102 matches found

osv
osv
added 6 days ago5 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS6.1AI score0.00282EPSS
Exploits0References5
cvelist
cvelist
added 6 days ago31 views

CVE-2026-55187 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms (follow-up to CVE-2026-27808)

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
cve
cve
added 6 days ago8 views

CVE-2026-56814

Summary: CVE-2026-56814 affects Plug:Multipart in Elixir’s Plug.Parsers.MULTIPART, where the :length budget is applied only to part body bytes. Part headers are not counted, so requests with many empty-body file parts can slip under the length limit and create a temporary file per part, triggerin...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
githubexploit
githubexploit
added 2026/06/20 3:43 a.m.124 views

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

6.5AI score
Exploits0
osv
osv
added 2026/06/18 3:54 p.m.4 views

SUSE-SU-2026:2457-1 Security update for frr

This update for frr fixes the following issue: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References9
ossf
ossf
added 2026/06/12 9:31 p.m.15 views

Malicious code in ect-839201 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac6cc7433a67e0087dfa415071c9338be630c2166cd38ac371afadbdd0161e3 package.json declares a preinstall lifecycle hook that runs node -e "require'http'.get'http://10.107.121.85:8001/callback839201'" on npm install. Thi...

5.4AI score
Exploits0References12
nessus
nessus
added 2026/06/04 12:0 a.m.13 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FRR vulnerabilities (USN-8376-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8376-1 advisory. It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker cou...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References5
ubuntu
ubuntu
added 2026/06/03 1:15 p.m.12 views

USN-8376-1: FRR vulnerabilities

It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2026-28532 It was discovered that FRR incorrectly handled certain BGP FlowSpec component...

7.5CVSS5.5AI score0.00389EPSS
Exploits0
osv
osv
added 2026/06/03 9:45 a.m.5 views

SUSE-SU-2026:22026-1 Security update for frr

This update for frr fixes the following issues: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. - CVE-2026-28532: Harden TE/SR TLV iteration against malformed lengths bsc1263859. - CVE-2026-37457: Fix off-by-one error in FlowSpec operator array bounds...

7.5CVSS5.4AI score0.00389EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.13 views

sglang 安全漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...

6.3CVSS4.9AI score0.00368EPSS
Exploits0References6
osv
osv
added 2026/05/26 4:16 p.m.9 views

UBUNTU-CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00565EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/05/26 12:0 a.m.11 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

6.4AI score0.00565EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.19 views

PT-2026-43275

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description Multiple out-of-bounds reads exist in the BGP MP REACH NLRI IPv6 attribute decoder. The decode mp reach ipv6 function in src/bgp protocol.cpp casts raw pointers to structure typ...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References6
osv
osv
added 2026/05/26 12:0 a.m.2 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.5AI score0.00565EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.10 views

PT-2026-42625

Title Unchecked CryptoVec allocation and growth handling was reachable from local agent inputs in current russh releases and from remote SSH traffic in historical pre-0.58.0 releases Summary CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths...

7.5CVSS5.9AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.20 views

PT-2026-42031

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.33.3 Coder versions prior to 2.32.2 Coder versions prior to 2.31.12 Coder versions prior to 2.30.8 Coder versions prior to 2.29.13 Coder versions prior to 2.24.5 Description An unauthenticated semi-blind Server-Side...

6.5CVSS6AI score0.00335EPSS
Exploits0References17
osv
osv
added 2026/05/15 11:24 a.m.5 views

SUSE-SU-2026:21798-1 Security update for openssh

This update for openssh fixes the following issues Security issues fixed: - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Other issues fixed: - SSH port not reachable on...

8.1CVSS6AI score0.00419EPSS
Exploits0References7
osv
osv
added 2026/05/15 11:24 a.m.5 views

SUSE-SU-2026:21748-1 Security update for openssh

This update for openssh fixes the following issues Security issues fixed: - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Other issues fixed: - SSH port not reachable on...

8.1CVSS6AI score0.00419EPSS
Exploits0References7
osv
osv
added 2026/05/15 11:23 a.m.5 views

OPENSUSE-SU-2026:20757-1 Security update for openssh

This update for openssh fixes the following issues Security issues fixed: - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Other issues fixed: - SSH port not reachable on...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References6
packetstormnews
packetstormnews
added 2026/05/13 12:0 a.m.29 views

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

5.9AI score
Exploits0
Rows per page
Query Builder