Lucene search
K

31476 matches found

OSV
OSV
added 1 hour ago1 views

GHSA-4W3Q-QPFQ-V992 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS
Exploits0References3
OSV
OSV
added 1 hour ago1 views

GHSA-4CHG-4752-W88R NukeViet: Pre-authentication SSRF via X-Forwarded-Host

Summary An unauthenticated attacker can coerce the server into issuing HTTP requests to an attacker-chosen host by spoofing the X Forwarded-Host and X-Forwarded-Proto request headers. The forwarded host is used, without validation, to build the URL that serverinfoupdate fetches with cURL, resulti...

7.2CVSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 3 hours ago1 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2026-41683 DESCRIPTION: i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3,...

8.9CVSS0.00804EPSS
Exploits1Affected Software1
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2389 BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py

Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py Summary BabelDOC's vendored PDF parser babeldoc/pdfminer/cmapdb.py deserializes untrusted pickle data when loading CMap files. The loaddata method strips only NUL bytes from a PDF-controlled CMap name, then...

7.8CVSS
Exploits0References5
PyPA
PyPA
added 4 hours ago1 views

BabelDOC: Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py

Arbitrary Code Execution via CMap Pickle Deserialization in babeldoc/pdfminer/cmapdb.py SummaryBabelDOC's vendored PDF parser babeldoc/pdfminer/cmapdb.py deserializes untrusted pickle data when loading CMap files. The loaddata method strips only NUL bytes from a PDF-controlled CMap name, then...

7.8CVSS
Exploits0References5Affected Software1
PyPA
PyPA
added 4 hours ago1 views

`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:hrefReporter: Guillem Lefait · Date: 2026-05-10Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stableConfirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8 libxml...

8.2CVSS
Exploits0References5Affected Software1
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2614 `lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:href Reporter: Guillem Lefait · Date: 2026-05-10 Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stable Confirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8...

8.2CVSS
Exploits0References5
PyPA
PyPA
added 4 hours ago0 views

joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summaryjoserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when thecaller-supplied verification key is the empty string or None.HMACAlgorithm.sign and HMACAlgorithm.verify insrc/joserfc/rfc7518/jwsalgs.py:62-70 feed whateverOctKey.getopkey... produced into hmac.new..., and...

8.7CVSS
Exploits0References7Affected Software1
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-2528 joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Summary joserfc.jwt.decode accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or None. HMACAlgorithm.sign and HMACAlgorithm.verify in src/joserfc/rfc7518/jwsalgs.py:62-70 feed whatever OctKey.getopkey... produced into hmac.new..., and...

8.7CVSS
Exploits0References7
OSV
OSV
added 4 hours ago1 views

PYSEC-2026-2580 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Summary SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses the canonical PostgreSQL filesystem-disclosure family pgreadfile, pgstatfile, pglslogdir,...

8.7CVSS0.00686EPSS
Exploits0References6
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-2589 Lemur: JWT verifier honors attacker-supplied alg, enabling ATO

Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap; chain-dependent ATO with secret disclosure Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: JWT verifier trusts attacker-supplied alg from token header — defense-in-depth gap;...

4.8CVSS
Exploits0References6
PyPA
PyPA
added 4 hours ago2 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

SummarymEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS0.00623EPSS
Exploits1References5Affected Software1
OSV
OSV
added 4 hours ago2 views

PYSEC-2026-2667 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS0.00623EPSS
Exploits1References5
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-3435 python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

6.5CVSS6.1AI score0.00018EPSS
Exploits0References7
PyPA
PyPA
added 4 hours ago2 views

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

ImpactAsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

6.5CVSS0.00018EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-3437 zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

6.5CVSS0.0002EPSS
Exploits0References7
PyPA
PyPA
added 4 hours ago2 views

zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

ImpactDNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

6.5CVSS0.00023EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 4 hours ago1 views

zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

ImpactDNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

6.5CVSS0.0002EPSS
Exploits0References7Affected Software1
OSV
OSV
added 4 hours ago0 views

PYSEC-2026-3439 zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood

Impact DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNSPTRMINTTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a periodic...

6.5CVSS0.00023EPSS
Exploits0References7
PyPA
PyPA
added 4 hours ago1 views

local-deep-research has an SSRF bypass in `safe_get`

SummaryThe URL checking logic in local-deep-research has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. DetailsThe current project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

5CVSS0.00247EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder