Lucene search
K

7950 matches found

Circl
Circl
added 2 days ago9 views

CVE-2026-61447

creationtimestamp| type| source ---|---|--- 2026-07-11 14:28:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqeup5otvv2b 2026-07-11 14:36:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqev5jlzua2c 2026-07-11 15:00:53+00:00| seen|...

10CVSS6.1AI score0.00544EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-7492

A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitiv...

5.3CVSS6AI score0.00254EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59819

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...

4.9CVSS6AI score0.00278EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

GitLab 9.1 < 18.11.7 / 19.0 < 19.0.4 / 19.1 < 19.1.2 (CVE-2026-7492)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an...

5.3CVSS6.2AI score0.00254EPSS
Exploits0References5
Snyk
Snyk
added 5 days ago5 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-7492

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

5.3CVSS0.00254EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-7492 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS0.00254EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42406

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls...

4.3CVSS6AI score0.00254EPSS
Exploits0References3
CVE
CVE
added 5 days ago67 views

CVE-2026-7492

GitLab CE/EE vulnerable in all versions before patch levels: 18.11.7 for 9.1–18.11.x, 19.0.4 for 19.0.x, and 19.1.2 for 19.1.x. The issue allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross‑project reference pages. Impact...

5.3CVSS6AI score0.00254EPSS
Exploits0References3Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-58501

Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbidexternal is defined but not enforced when parsing WSDL or XSD documents, allowing transitive xsd:import, xsd:include, wsdl:import, and lxml entity or DTD references to fetch attacker-chosen HTTP or HTTPS URLs. This issue is fix...

5.9CVSS0.00252EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-59819

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

4.9CVSS5.9AI score0.00278EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59819 LiteLLM: Local file read via request-supplied OIDC file references

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.10-stable, LiteLLM's /health/testconnection endpoint resolved request-supplied environment and OIDC file references in litellmparams, allowing a proxy administrator or another privileged caller with...

2.1CVSS0.00278EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

7.8CVSS7AI score0.00165EPSS
Exploits0References10
NVD
NVD
added 5 days ago9 views

CVE-2026-57240

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS0.00128EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42186

The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-57240

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS6AI score0.00128EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42199

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago11 views

PT-2026-56353

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue exists where the application fails to perform proper type checking when parsing a PDF containing an abnormal annotation referenced by other objects. This type confusi...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56339

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A crash occurs when the application opens a PDF file and JavaScript deletes PDF fields. The subsequent logic continues to use old field pointers, leading to...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56616

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.1 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description Improper authorization controls on cross-project reference pages could allow an unauthenticated user to...

5.3CVSS6.1AI score0.00254EPSS
Exploits0References7
Rows per page
Query Builder