Lucene search
K

3892 matches found

Vulnrichment
Vulnrichment
added 2026/06/21 1:26 p.m.8 views

CVE-2026-56367 ImageMagick - Heap Out-of-Bounds Read in PSB RLE Decoding

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 1:26 p.m.10 views

EUVD-2026-38173

ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 contains an integer overflow in the PSB PSD v2 RLE decoding path ReadPSDChannelRLE in coders/psd.c that causes a heap out-of-bounds read on 32-bit builds. Processing a crafted PSB file can lead to information disclosure or a crash...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 11:24 p.m.18 views

MAL-2026-6247 Malicious code in requests-enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0f61f1a905e0ec1bb593f7b20d4f9a8a9e72deeb16440f72acbcaf00aeab1cd On import requestsenhancer, the package's init.py spawns a daemon thread that runs pip install...

6.7AI score
Exploits0References5
NVD
NVD
added 2026/06/19 8:16 p.m.14 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:12 p.m.8 views

Malicious code in @briskforge/envcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 09dba573f5d6cb00b09562870f2148b3e539786f5d801f2a263338301d759313 The package advertises itself as a tiny environment-variable validator but ships lib/preflight.js, a heavily obfuscated obfuscator.io string-array...

5.9AI score
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in avahi

The avahi-daemon-check-dns.sh script within the Debian avahi package, as of version 0.8-4, is executed as the root user via /etc/network/if-up.d/avahi-daemon. This script allows a local attacker to cause a denial of service or create arbitrary empty files through a symlink attack on files located...

7.8CVSS7.3AI score0.00395EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fix tailcallreachable rejection for interpreter when jit failed During testing of f263a81451c1 “bpf: Track subprog poke descriptors correctly and fix use-after-free” under various failure conditions, for example, when...

5.5CVSS6.1AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the way RTAS handled memory accesses in user space for kernel communication. In a guest system that is under lockdown usually due to Secure Boot, running on top of PowerVM or KVM hypervisors pseries platform, a root-like local user could exploit this flaw to further...

7.2CVSS6.7AI score0.00501EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, decompress and decode it into the buffer td-rlerawdata of size rlerawsize a...

6.9CVSS6.6AI score0.0016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, testrun: Fixed an alignment issue in bpfprogtestrunskb. We encountered a syzkaller issue due to an alignment fault for aarch64 architectures when KFENCE is enabled. When the size provided by the user’s bpf program is an o...

7.8CVSS6.4AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50922

Name of the Vulnerable Software and Affected Versions Chromacam version 4.0.3.0 Description An unquoted service path issue exists in the PsyFrameGrabberService. This allows local attackers with write access to C: or subdirectories such as C:Program Files x86Personify to execute arbitrary code. By...

8.5CVSS6.5AI score0.0012EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:52 p.m.7 views

Information Exposure

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/18 1:5 p.m.5 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50746

Name of the Vulnerable Software and Affected Versions Docker MCP Plugin affected versions not specified Description A flaw in the OCI image label parsing allows an attacker to inject arbitrary arguments into the docker run command line. This occurs because the io.docker.server.metadata label is...

8.7CVSS6.3AI score
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.18 views

CVE-2026-53873 picklescan - Arbitrary Code Execution via profile.run() Blocklist Bypass

picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run function, allowing attackers to achieve arbitrary code execution via exec. Attackers can craft malicious pickle files calling profile.runstatement to execute arbitrary...

9.8CVSS0.0046EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2026/06/17 2:33 p.m.15 views

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

5.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/16 7:11 p.m.8 views

Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

8.4CVSS5.8AI score0.00144EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/16 5:58 a.m.11 views

EUVD-2025-210165

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege...

6.3CVSS5.8AI score0.0011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50145

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.14 Description Deno's permission system on macOS enforces filesystem and execution restrictions by comparing requested paths against those supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. The...

7.3CVSS6AI score0.00144EPSS
Exploits1References4
Rows per page
Query Builder