Lucene search
K

2532 matches found

Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51123

Description The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

7.8CVSS6.1AI score
Exploits0References5
RubySec
RubySec
added 2026/06/19 12:0 a.m.7 views

Concurrent Ruby - ReadWriteLock allows wrong-thread write release and stray read-release counter corruption

Summary Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can then enter its critical section while the first writer is still...

9.8CVSS5.9AI score0.0016EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50795

Name of the Vulnerable Software and Affected Versions mcp-pinot versions prior to 3.1.0 Description mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. The software defaults to running an HTTP MCP server bound to 0.0.0.0:8080 without authentication. Th...

10CVSS5.9AI score0.00498EPSS
Exploits0References15
OSV
OSV
added 2026/06/16 5:34 p.m.6 views

GHSA-9C59-2MVC-VFR8 Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints

Summary Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without verifying that the authenticated requester owns the targeted resource. Any authenticated...

8.8CVSS5.7AI score0.00291EPSS
Exploits1References2
CVE
CVE
added 2026/06/12 9:57 p.m.19 views

CVE-2026-41158

Summary of CVE-2026-41158: The vulnerability concerns GPU DDK where backed sparse PMRs are not handled by the deferred free mechanism after shrink, allowing a non-privileged user to perform GPU system calls that write to arbitrarily freed physical pages. The root cause is that physical memory all...

7.8CVSS5.3AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:50 p.m.13 views

CVE-2026-8828

CVE-2026-8828 describes a lack of authorization validation in ChromaDB Rust (version 1.0.0 and later) that allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenant ownership. The core issue is insufficient access control in ...

8.8CVSS5.3AI score0.00279EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:46 p.m.9 views

CVE-2026-45830

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:46 p.m.42 views

CVE-2026-45830

CVE-2026-45830 affects the ChromaDB Python project (version 0.4.17 and later). The lack of authorization validation allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenancy. The vulnerability is described with a CVSS 4.0 ba...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2026/06/10 3:2 p.m.75 views

Exploit for Out-of-bounds Read in Google Chrome

CVE-2026-11645 - Chrome V8 Out-of-Bounds Read/Write Exploit...

8.8CVSS5.9AI score0.01654EPSS
Exploits4
EUVD
EUVD
added 2026/06/10 2:10 p.m.12 views

EUVD-2025-210107

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

8.4CVSS5.6AI score0.00077EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:42 p.m.9 views

EUVD-2026-36016

Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...

4.6CVSS5.4AI score0.00144EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.8 views

SUSE CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 8:33 p.m.10 views

EUVD-2026-35828

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

8.1CVSS5.5AI score0.0039EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 7:17 p.m.9 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:9 p.m.8 views

CVE-2026-10045 CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

5.5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:33 a.m.10 views

EUVD-2026-35216

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.10 views

Adobe ColdFusion 输入验证错误漏洞

Adobe ColdFusion is a rapid application development platform provided by Adobe Inc. This platform includes an integrated development environment and a scripting language. Versions of Adobe ColdFusion such as 2023.19, 2025.8, and earlier versions have a vulnerability related to input validation...

8.1CVSS5.3AI score0.0039EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.6 views

CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.7 views

CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6AI score0.00214EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.42 views

CVE-2026-11645

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.01654EPSS
Exploits4References2
Rows per page
Query Builder