Lucene search
K

444 matches found

OSV
OSV
added last week6 views

MAL-2026-6588 Malicious code in endpointmap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa2ddbcbdd90508af14415a021644c1ab8a57e432b526425e4c5128b23f897bb endpointmap advertises itself as a REST endpoint registry but exhibits a two-package smuggle pattern. lib/registry.js exports two non-printable byte...

5.8AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The split caching of bitfields in cachedfid was introduced to avoid race conditions involving shared-byte registers. The functions isopen, haslease, and onlist are stored in the same bitfield byte within the struc...

8.8CVSS5.8AI score0.00218EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:20 p.m.9 views

undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

8.8CVSS6.4AI score0.00315EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fixed a crash in fnicwqcmplhandler when FDMI times out. When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. Upon completion of the sending process, this leads to a...

5.5CVSS5.7AI score0.00129EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sfc: Fixed the TX channel offset when using legacy interrupts. In the legacy interrupt mode, the txchanneloffset was hardcoded to 1, but this is incorrect if efxsepparatetxChannels is set to false. In that case, the offset is 0...

5.5CVSS5.3AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: sfc: fixed the issue where all channels had TX queues. Normally, all channels have both RX and TX queues. However, this is not true when modparam efxseparatetxchannels=1 is used. In such cases, some channels only have RX queue...

5.5CVSS5.9AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 9:16 a.m.8 views

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 9:16 a.m.9 views

PYSEC-0000-CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.17 views

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/01 7:55 a.m.13 views

EUVD-2026-33598

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

5.9AI score0.00665EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:55 a.m.9 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

5.9AI score0.00665EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.12 views

PT-2026-45974

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a task id containing .. sequences accepted by the Task SDK's KEY REGEX write-path attack, a...

6.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45363

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A flaw in the FileTaskHandler allows a DAG author to access or modify files outside the configured base log folder when the worker log folder is shared with the API server. This can be achieve...

6.5CVSS5.5AI score0.00665EPSS
Exploits0References8
Fedora
Fedora
added 2026/05/30 12:55 a.m.14 views

[SECURITY] Fedora 44 Update: djvulibre-3.5.30-1.fc44

DjVu is a web-centric format and software platform for distributing documents and images. DjVu can advantageously replace PDF, PS, TIFF, JPEG, and GIF for distributing scanned documents, digital documents, or high-resolution picture s. DjVu content downloads faster, displays and renders faster,...

8.4CVSS7AI score0.00741EPSS
Exploits0
OSV
OSV
added 2026/05/29 10:4 p.m.16 views

MAL-2026-5067 Malicious code in ethers-hdnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7fc28c232270f2534095dbfbc320845737c981a075ca9d542c2482d82a23a85d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.9 views

SUSE CVE-2026-46091

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

3.3CVSS5.7AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:17 p.m.18 views

CVE-2026-46091

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

5.5CVSS0.00122EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.7 views

CVE-2026-46091

In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately...

5.8AI score0.00122EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 10:48 p.m.7 views

CVE-2026-46740 Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

5.8AI score0.00326EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:48 p.m.10 views

CVE-2026-46740

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a stats...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References4
Rows per page
Query Builder