Lucene search
K

47 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2025-71367

picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...

8.1CVSS6.3AI score0.00445EPSS
Exploits0References3
NVD
NVD
added 2026/04/29 7:16 p.m.10 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS0.00089EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 9:23 p.m.8 views

Flowise Execute Flow function has an SSRF vulnerability

Summary The attacker provides an intranet address through the base url field configured in the Execute Flow node → Bypass checkDenyList / resolveAndValidate in httpSecurity.ts not called → Causes the server to initiate an HTTP request to any internal network address, read cloud metadata, or detec...

5.8AI score
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

Simple Git 操作系统命令注入漏洞

Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands within any Node.js application. Versions of Simple Git 3.31.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from a bypass...

9.8CVSS7.6AI score0.02712EPSS
Exploits2References4
OSV
OSV
added 2026/02/11 2:25 p.m.5 views

USN-8025-1 dotnet8, dotnet9, dotnet10 vulnerability

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...

7.5CVSS5.8AI score0.01015EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

Fickling 代码问题漏洞

Fickling is an open source decompiler and static analyzer for Python by Trail of Bits. A code issue vulnerability exists in versions prior to Fickling 0.1.7 that stems from the static analyzer failing to flag high-risk modules, which could lead to bypassing security checks and executing arbitrary...

9.3CVSS6.8AI score0.00554EPSS
Exploits1References6
Redos
Redos
added 2025/12/16 12:0 a.m.6 views

ROS-20251216-7358

A vulnerability in the Extensions component of Google Chrome and Microsoft Edge browsers is related to flaws in the implementation of security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...

6.5CVSS6.5AI score0.0017EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-4708

Malware in sbrugna...

7.5CVSS6.4AI score0.03756EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-0853

Malware in sbrugna...

7.5CVSS7.5AI score0.01404EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2006-3155

Malware in sbrugna...

7.5CVSS6.4AI score0.03123EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/09/29 8:2 a.m.13 views

kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

In the Linux kernel, the following vulnerability has been resolved: fs: export anoninodemakesecureinode and fix secretmem LSM bypass Export anoninodemakesecureinode to allow KVM guestmemfd to create anonymous inodes with proper security context. This replaces the current pattern of calling...

7.8CVSS6.8AI score0.00163EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/02 5:12 a.m.7 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5CVSS5.8AI score0.00285EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/01 9:20 p.m.5 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

6.5CVSS5.8AI score0.00285EPSS
Exploits0References5
Snyk
Snyk
added 2025/06/10 9:31 p.m.3 views

Unsafe Dependency Resolution

Overview @nx/azure-cache is an A Nx plugin which provides a Nx cache which can be self hosted on Azure Blob Storage. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the build cache process. An attacker can inject compromised artifacts into trusted production...

9.9CVSS6.6AI score0.00192EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 3:11 a.m.5 views

CVE-2023-23604

A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have lead to bypassing web security checks. This vulnerability affects Firefox 109...

6.5CVSS6.8AI score0.00463EPSS
Exploits0References1
NVD
NVD
added 2025/03/03 7:15 p.m.15 views

CVE-2025-1889

picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Because the malicious pickle file inclusion is not...

9.8CVSS0.00365EPSS
Exploits2References2
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.7 views

The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome browsers allows attackers to bypass file system restrictions.

The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass file system restrictions by using a specially created HTML page...

5CVSS5.5AI score0.00277EPSS
Exploits0References12Affected Software6
OSV
OSV
added 2024/09/03 3:15 p.m.4 views

CVE-2024-7345

Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms...

9.6CVSS5.8AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/11/02 12:0 a.m.6 views

The vulnerability of Google Chrome’s Payments component allows a hacker to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of Google Chrome’s Payments component is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker to bypass security restrictions and gain unauthorized access to protected information...

8.7CVSS6.6AI score0.011EPSS
Exploits0References10Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.5 views

The vulnerability of the Extensions API of Microsoft Edge and Google Chrome browsers allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Extensions API for Microsoft Edge and Google Chrome relates to improper security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created HTML pa...

7.8CVSS6.5AI score0.00621EPSS
Exploits0References15Affected Software7
Rows per page
Query Builder