Lucene search
K

938 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-456 PickleScan's pkgutil.resolve_name has a universal blocklist bypass

Summary pkgutil.resolvename is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolvename as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...

10CVSS5.8AI score0.00623EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.6 views

CVE-2026-56410

A flaw was found in libexpat. Specifically, the xmlwf utility contains an integer overflow vulnerability in its resolveSystemId function. This flaw could be exploited by an attacker to potentially gain unauthorized access to sensitive information or execute arbitrary code, leading to a compromise...

6.9CVSS6.1AI score0.0011EPSS
Exploits0References4
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.5 views

UBUNTU-CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/21 3:55 p.m.6 views

CVE-2026-56410

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...

6.9CVSS5.8AI score0.0011EPSS
Exploits0
CVE
CVE
added 2026/06/21 3:55 p.m.29 views

CVE-2026-56410

The vulnerability CVE-2026-56410 affects xmlwf in libexpat prior to 2.8.2, due to an integer overflow in resolveSystemId. Impact is indicated as high for confidentiality and integrity, with low availability impact; attack vector is local and no user interaction is required. Remedy: upgrade to lib...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.13 views

PT-2026-51246

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf component contains an integer overflow in the resolveSystemId function. An integer overflow occurs when an arithmetic operation results in a value that exceeds the maximum size of the...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 5:16 p.m.15 views

CVE-2026-3490

picklescan before 1.0.4 fails to block pkgutil.resolvename, allowing attackers to bypass the entire blocklist by resolving any dangerous function through indirect REDUCE calls. Remote attackers can invoke any blocked function such as os.system, builtins.exec, or subprocess.call to achieve remote...

10CVSS0.00623EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:5 p.m.26 views

CVE-2026-3490

CVE-2026-3490 affects picklescan prior to version 1.0.4, where the blocklist of dangerous functions is bypassed via pkgutil.resolve_name. The underlying issue is an incomplete blocklist that allows indirect REDUCE calls to resolve dangerous functions, enabling remote code execution (e.g., os.syst...

10CVSS5.9AI score0.00623EPSS
Exploits0References2
Veracode
Veracode
added 2026/06/09 5:1 a.m.14 views

DNS Cache Poisoning

Netty is vulnerable to DNS Cache Poisoning. The vulnerability is due to insufficient validation of the bailiwick of NS records in DnsResolveContext, which allows an attacker controlling an authoritative subdomain name server to poison DNS cache entries for parent domains...

10CVSS5.5AI score0.00292EPSS
Exploits0References12Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.14 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/08 5:11 p.m.26 views

Deserialization Of Untrusted Data

org.apache.fory:fory-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling of the Java replace-resolve deserialization path, which allows an attacker to bypass security checks and invoke arbitrary readResolve or readExternal methods through crafted...

9.1CVSS5.7AI score0.0052EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/08 12:30 a.m.19 views

EUVD-2026-34992

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS5.1AI score0.00225EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/07 9:45 p.m.38 views

CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS0.00225EPSS
Exploits0References6
CVE
CVE
added 2026/06/07 9:45 p.m.190 views

CVE-2026-11461

CVE-2026-11461 affects NousResearch Hermes-Agent up to version 0.12.0. The vulnerability is in the resume endpoint’s file hermes_state.py, in the function resolve_session_by_title, where manipulating the Title argument can bypass authorization. It allows remote exploitation, with the exploit publ...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/07 9:45 p.m.11 views

CVE-2026-11461 NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/07 9:45 p.m.7 views

CVE-2026-11461

A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolvesessionbytitle of the file hermesstate.py of the component resume Endpoint. Such manipulation of the argument Title leads to authorization bypass. It is possible to launch the attack remotel...

6.5CVSS6.1AI score0.00225EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-60477

A NULL pointer dereference in the gffilterpidresolvefiletemplateex function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

5CVSS5.5AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 6:17 p.m.12 views

CVE-2026-45750

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS0.00294EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/05 6:6 p.m.11 views

CVE-2026-45750 Termix Vulnerable to Arbitrary Command Execution in File Manager

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS5.5AI score0.00294EPSS
Exploits1References2
Rows per page
Query Builder