Lucene search
+L

3968 matches found

CVE
CVE
added 2026/06/22 9:4 p.m.13 views

CVE-2025-71344

CVE-2025-71344 affects picklescan prior to 0.0.30 (vulnerable: 0.0.26 and earlier). Malicious pickle files that embed ensurepip._run_pip calls in reduce can bypass detection and enable remote code execution when pickle.load() is used. No exploitation details are provided beyond this description.

8.1CVSS6.8AI score0.00367EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 9:4 p.m.4 views

CVE-2025-71344 picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function

picklescan before 0.0.30 affected versions 0.0.26 and earlier fails to detect the ensurepip.runpip built-in function when scanning pickle files, allowing attackers to execute arbitrary code. Malicious pickle files embedding ensurepip.runpip calls in reduce methods bypass picklescan detection and...

7.6CVSS6.8AI score0.00367EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 2:34 p.m.8 views

OPENSUSE-SU-2026:21019-1 Security update for rpcbind

This update for rpcbind fixes the following issues - Update to rpcbind 1.2.9 bsc1267212 https://lore.kernel.org/linux-nfs/[email protected]/ rpcinfo: stack buffer overflow in rpcinfo rpcbaddrlist rpcbind: Stop unauthenticated oversized allocation in PMAPPROCCALLIT...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/21 2:16 p.m.14 views

CVE-2026-56367

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

9.1CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/21 1:26 p.m.8 views

CVE-2026-56367 ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.11 views

EUVD-2026-38173

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 11:24 p.m.20 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
NVD
NVD
added 2026/06/19 8:16 p.m.24 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:12 p.m.25 views

Malicious code in @briskforge/envcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...

5.9AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the way RTAS handled memory accesses in user space for kernel communication. In a guest system that is under lockdown usually due to Secure Boot, running on top of PowerVM or KVM hypervisors pseries platform, a root-like local user could exploit this flaw to further...

7.2CVSS6.7AI score0.00501EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50922

Name of the Vulnerable Software and Affected Versions Chromacam version 4.0.3.0 Description An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C: or subdirectories such as C:Program Files x86Personify to execute arbitrary code. By...

8.5CVSS6.5AI score0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.9 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:52 p.m.8 views

Information Exposure

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/18 1:5 p.m.7 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.25 views

PT-2026-50746

Name of the Vulnerable Software and Affected Versions Docker MCP Plugin affected versions not specified Description A flaw in the OCI image label parsing allows an attacker to inject arbitrary arguments into the docker run command line. This occurs because the io.docker.server.metadata label is...

8.7CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.21 views

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS0.0046EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2026/06/17 2:33 p.m.16 views

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

5.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.11 views

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

8.4CVSS5.8AI score0.00144EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/16 6:59 p.m.9 views

GHSA-HV7X-3X78-GX53 n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

Impact The POST /workflows/workflowId/test-runs/new endpoint authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a workflow could trigger a real evaluation test run, causing the workflow to execute via the internal workflow runner. Th...

7.4CVSS5.7AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 5:58 a.m.13 views

EUVD-2025-210165

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

6.3CVSS5.8AI score0.0011EPSS
Exploits0References1
Rows per page
Query Builder