Lucene search
K

3912 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.5AI score0.0049EPSS
Exploits1References5
NVD
NVD
added yesterday6 views

CVE-2026-15531

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS0.00121EPSS
Exploits0References7
CVE
CVE
added yesterday7 views

CVE-2026-15531

The CVE-2026-15531 entry affects yashbhalgat HashNeRF-pytorch (up to commit 82885e698295982504eb6a26d060a6b2473e3706). The vulnerable component is the Checkpoint File Handler’s run_nerf.py, specifically the function torch.load, where deserialization can be triggered by manipulating the ckpt_path ...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago5 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.6AI score0.0049EPSS
Exploits1References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS0.01338EPSS
Exploits1References7
CVE
CVE
added 6 days ago11 views

CVE-2026-15035

Bentoml OpenLLM 0.6.30 is affected by a command-injection in async_run_command (src/openllm/common.py, Model Repository Directory Name Handler). The vulnerability stems from manipulation of the cmd argument, enabling local exploitation. Public exploit details exist, and attack requires local acce...

7.8CVSS5.8AI score0.01338EPSS
Exploits1References7Affected Software1
CVE
CVE
added 6 days ago16 views

CVE-2026-56776

CVE-2026-56776 affects n8n versions prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization bypass in POST /workflows/{workflowId}/test-runs/new where access is granted using workflow:read instead of workflow:execute, enabling an authenticated user with read-only access to trigger a ...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56417

Name of the Vulnerable Software and Affected Versions bentoml OpenLLM version 0.6.30 Description Command injection is possible within the Model Repository Directory Name Handler component. This occurs when the cmd argument is manipulated in the async run command function located in the...

7.8CVSS6.2AI score0.01338EPSS
Exploits1References12
The Hacker News
The Hacker News
added last week25 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added last week6 views

freerdp: FreeRDP: Out-of-bounds write in planar bitmap decoder allows arbitrary code execution

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The planar bitmap decoder contains an out-of-bounds heap write vulnerability when processing RLE planar data. A remote attacker could exploit this by providing specially crafted RLE planar data, leading to an...

9.8CVSS6.6AI score0.0049EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/07 7:44 a.m.7 views

EUVD-2026-42020

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.3CVSS6.2AI score0.00219EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/07 7:44 a.m.38 views

CVE-2026-58384 Gimp: gimp: integer overflow in read_rle_channel()

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.3CVSS0.00219EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/07/07 7:44 a.m.5 views

CVE-2026-58384

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.8CVSS6.2AI score0.00219EPSS
Exploits1
EUVD
EUVD
added 2026/07/06 12:3 p.m.5 views

EUVD-2026-41872

Imager versions before 1.032 for Perl have a heap out-of-bounds read in the bundled Imager::File::SGI reader via a 16-bit RLE literal run in readrgb16rle. readrgb16rle guards each literal run with if count dataleft, but count is a pixel count while every 16-bit sample consumes two bytes. The copy...

7.1CVSS6AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 12:3 p.m.15 views

CVE-2026-13705

CVE-2026-13705 affects Imager before 1.032 for Perl. The vulnerability is a heap out-of-bounds read in the bundled Imager::File::SGI reader caused by a 16-bit RLE literal run in read_rgb_16_rle. The code guards a pixel-count (count) with data_left, but each 16-bit sample uses two bytes; the copy ...

7.1CVSS6AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 12:0 p.m.21 views

CVE-2026-14626

NousResearch hermes-agent (up to 2026.4.30), specifically the HTTP API component and AIAgent.run_conversation in run_agent.py, is vulnerable. The issue arises from manipulation of the todos argument, enabling remote denial of service. Public exploit is noted, and the vendor was contacted without ...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/04 3:12 a.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runautogradprof function. An attacker can execute arbitrary code by crafting a malicious pickle file...

8.1CVSS6.6AI score0.00427EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 2:16 a.m.9 views

CVE-2025-71345

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

8.1CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.38 views

CVE-2025-71342 picklescan - Undetected Remote Code Execution via idlelib.run.Executive.runcode

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks...

8.1CVSS0.00427EPSS
Exploits0References2
Rows per page
Query Builder