Lucene search
K

256549 matches found

CVE
CVE
added 3 hours ago7 views

CVE-2026-55379

Pillow (Python imaging library) is affected by CVE-2026-55379. In older releases, PIL/BdfFontFile.py:bdf_char() read BBX width/height from a BDF font and passed attacker-controlled values to Image.new() without invoking Image._decompression_bomb_check(), bypassing the library’s decompression bomb...

7.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS
Exploits0References3
Circl
Circl
added 5 hours ago6 views

CVE-2026-7185

creationtimestamp| type| source ---|---|--- 2026-07-06 16:25:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyixcoksd27...

6CVSS5.9AI score
Exploits0References1
OSV
OSV
added 6 hours ago5 views

BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.0029EPSS
Exploits0References57
CVE
CVE
added 6 hours ago8 views

CVE-2026-59195

CVE-2026-59195 affects pnpm prior to versions 10.34.4 and 11.8.0. The issue arises when pnpm reads package names from the env lockfile’s configDependencies section and uses those names directly to create config dependency symlinks under node_modules/.pnpm-config. A crafted pnpm-lock.yaml with a t...

8.2CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago7 views

CVE-2026-54893 Email-derived URL path injection in the Swoosh Microsoft Graph adapter

URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...

2.1CVSS
Exploits0References4
OSV
OSV
added 10 hours ago6 views

ROOT-APP-NPM-CVE-2026-25639 CVE-2026-25639 in @rootio/axios - Patched by Root

Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.02591EPSS
Exploits1
OSV
OSV
added 10 hours ago9 views

ROOT-APP-NPM-CVE-2026-44487 CVE-2026-44487 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44487 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

8.2CVSS5.4AI score0.00689EPSS
Exploits1
OSV
OSV
added 10 hours ago9 views

ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.0063EPSS
Exploits1
OSV
OSV
added 10 hours ago10 views

ROOT-APP-NPM-CVE-2026-44494 CVE-2026-44494 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44494 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.01041EPSS
Exploits1
NVD
NVD
added 10 hours ago6 views

CVE-2026-46588

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS
Exploits0References1
OSV
OSV
added 11 hours ago15 views

ROOT-APP-PYPI-CVE-2026-45134 CVE-2026-45134 in rootio-langsmith - Patched by Root

Root has patched CVE-2026-45134 in the rootio-langsmith package for Root:PyPI. Multiple fixed versions available...

7.1CVSS5.8AI score0.00199EPSS
Exploits0
OSV
OSV
added 12 hours ago10 views

ROOT-APP-PYPI-CVE-2026-47265 CVE-2026-47265 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-47265 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

8.7CVSS5.2AI score0.0015EPSS
Exploits0
OSV
OSV
added 12 hours ago10 views

ROOT-APP-PYPI-CVE-2026-34517 CVE-2026-34517 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34517 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00384EPSS
Exploits0
OSV
OSV
added 12 hours ago3 views

ROOT-APP-PYPI-CVE-2026-54278 CVE-2026-54278 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-54278 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

8.7CVSS5.8AI score0.00279EPSS
Exploits0
OSV
OSV
added 12 hours ago8 views

ROOT-APP-PYPI-CVE-2025-69225 CVE-2025-69225 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69225 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.2AI score0.00236EPSS
Exploits0
NVD
NVD
added 12 hours ago7 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

Exploits0References2
NVD
NVD
added 12 hours ago8 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6.5CVSS
Exploits0References2
NVD
NVD
added 12 hours ago6 views

CVE-2026-46454

Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...

9.8CVSS
Exploits0References2
NVD
NVD
added 12 hours ago4 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS
Exploits0References2
Rows per page
Query Builder