Lucene search
+L

1227 matches found

Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-52870 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00227EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/08 3:22 p.m.7 views

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/07 2:39 p.m.8 views

CVE-2026-14742

A flaw was found in langgraph. A remote attacker could exploit this vulnerability by manipulating the defaultcachekey argument within the freeze function of the Task Result Cache component. This manipulation leads to the use of a weak hash, which may result in limited information disclosure...

3.1CVSS5.7AI score0.0016EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/05 6:30 p.m.36 views

CVE-2026-14766 CodeAstro Apartment Visitor Management System POST Parameter search-result.php sql injection

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 11:16 a.m.10 views

CVE-2026-14742

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 10:45 a.m.8 views

EUVD-2026-41747

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 10:45 a.m.31 views

CVE-2026-14742

The CVE affects langchain-ai langgraph up to 1.2.4. The vulnerability lies in the function _freeze in libs/langgraph/langgraph/_internal/_cache.py (Task Result Cache). Manipulating the argument default_cache_key causes use of a weak hash, enabling a possible remote attack. Exploitation is describ...

3.1CVSS5AI score0.0016EPSS
Exploits0References7
OSV
OSV
added 2026/07/05 10:45 a.m.4 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

2.3CVSS5AI score0.0016EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/05 10:45 a.m.47 views

CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function freeze of the file libs/langgraph/langgraph/internal/cache.py of the component Task Result Cache. This manipulation of the argument defaultcachekey causes use of weak hash. The attack is...

3.1CVSS0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 12:30 a.m.10 views

EUVD-2026-41709

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
CVE
CVE
added 2026/07/05 12:30 a.m.17 views

CVE-2026-14687

Affected software: 666ghj BettaFish (≤1.2.1). Vulnerable component: InsightEngine search-result Deduplication, specifically function _deduplicate_results in InsightEngine/agent.py. Root cause: manipulation can cause partial string comparison. Impact: remote exploitation possible. Publicly disclos...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55818

Name of the Vulnerable Software and Affected Versions CodeAstro Apartment Visitor Management System version 1.0 Description An issue exists in the POST Parameter Handler component within the file /apartment-visitor/search-result.php. The manipulation of the searchdata parameter allows for remote...

6.5CVSS6.7AI score0.00204EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.6 views

CVE-2026-9230

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References15
OSV
OSV
added 2026/07/02 7:38 p.m.4 views

CVE-2026-58579 RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.1CVSS6.1AI score0.00182EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/01 9:19 p.m.7 views

Deserialization of Untrusted Data

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CachedResultSet deserialization path in the RemoteQueryCachePlugin. An attacker can execute...

8.8CVSS6.7AI score0.00416EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 10:16 p.m.10 views

CVE-2026-10647

The USB CDC-NCM device class subsys/usb/devicenext/class/usbdcdcncm.c ignores the return value of usbdepenqueue in its ethernet transmit callback cdcncmsend. When the enqueue fails, the function still calls ksemtake&data-syncsem, KFOREVER, blocking on a completion semaphore that is only ever...

5.3CVSS0.00134EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-449 pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering

pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site ScriptingXSS. If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...

9.1CVSS7.4AI score0.00305EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.9 views

SUSE CVE-2026-53134

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftfib: fix stale stack leak via the OIFNAME register For NFTFIBRESULTOIFNAME the destination register is declared with len = IFNAMSIZ four 32-bit registers, but on the lookup-fail, RTNLOCAL and oif-mismatch paths...

5.8AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57588

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS0.00304EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/06/25 1:47 p.m.9 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00304EPSS
Exploits2References1
Rows per page
Query Builder