Lucene search
+L

12839 matches found

CVE
CVE
added 2026/06/22 2:55 p.m.69 views

CVE-2026-53655

node-tar (node-tar) before version 7.5.16 is vulnerable: it applies a PAX extended header size override to the next header entry, including intermediary L/K/x headers, which desynchronizes the stream cursor from other tar implementations. This yields a tar-parser interpretation differential (CWE-...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51449

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description An issue exists where webhooks follow redirects, allowing access to hostnames within localCIDRs Internet Protocol address ranges used for local networks. This leads to Server Side Request Forgery SSRF,...

8.3CVSS7.2AI score0.00402EPSS
Exploits0References9
OSV
OSV
added 2026/06/19 9:42 p.m.12 views

GHSA-6VXV-WG6J-5QWP Gogs: XSS in .ipynb files renderer due to outdated notebookjs

Summary Gogs renders Jupyter notebook files .ipynb using jsvine/notebookjs, but the version is outdated, missing patches for known XSS vulnerabilities. Details Gogs uses version 0.4.2 of notebookjs to render Jupyter notebook files:...

8.5CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/18 6:4 a.m.24 views

CVE-2026-55741

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the admin configuration handler. The vulnerability occurs in system/admin/admin.config.php where the update action (a=update) processes POST data via cot_config_update_options() without calling cot_check_xg() t...

8.8CVSS5.6AI score0.00176EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 3:12 a.m.11 views

Malicious code in @mastra/s3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69bd7442a33e88350e5a804e238625a967b16df137b4b1623cd6a0587d25dc21 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 3:11 a.m.49 views

MAL-2026-5963 Malicious code in @mastra/schema-compat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3037c66f9c4357ce9a1c2ec848e86eeef189f1b1a2c3f9f6c891963cf60049c0 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 7:27 p.m.22 views

CVE-2026-46838

...

9.9CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 5:16 p.m.16 views

CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS0.00136EPSS
Exploits0References8
Chainguard
Chainguard
added 2026/06/16 2:16 p.m.12 views

CVE-2026-12009 vulnerabilities

Vulnerabilities for packages: chromium...

8.3CVSS5.1AI score0.00246EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...

4.2CVSS6AI score0.00153EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/06/15 8:56 p.m.25 views

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

Summary When running nuxt dev, Nuxt registers an unauthenticated route at /.well-known/appspecific/com.chrome.devtools.json that returns the absolute filesystem path of the project root and a per-project UUID persisted to nodemodules/.cache/nuxt/chrome-workspace.json. The route is enabled by...

5.5AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:38 p.m.16 views

Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname

Summary In affected versions, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example @google.com moves the authority boundary...

5.3CVSS5.5AI score0.00187EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 9:40 a.m.16 views

Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
Redos
Redos
added 2026/06/15 12:0 a.m.9 views

ROS-20260615-73-0012

The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to data writing beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

8.8CVSS7.8AI score0.00591EPSS
Exploits1
NVD
NVD
added 2026/06/12 7:16 p.m.30 views

CVE-2026-50101

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 3:8 p.m.8 views

GHSA-6964-PP88-6WP9 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Summary The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side...

5.1CVSS5.9AI score0.00329EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 3:1 p.m.9 views

EUVD-2026-36476

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

10CVSS5.2AI score0.0029EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:49 p.m.12 views

CVE-2026-47190 IPAM controller service account granted unnecessary full access to Secrets

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

4.4CVSS5.2AI score0.00333EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 2:49 p.m.3 views

CVE-2026-47190 IPAM controller service account granted unnecessary full access to Secrets

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

4.4CVSS5.9AI score0.00333EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 2:9 p.m.14 views

Malicious code in zatzdbai (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee421570e1dd748a4953205977d4b902c65acae47ebf90a91ba8c5c86a9961f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Rows per page
Query Builder