Lucene search
K

1713 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 9:25 a.m.11 views

CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector)

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

9.2CVSS5.8AI score0.02306EPSS
Exploits1References1
NVD
NVD
added 2026/05/19 7:16 a.m.26 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.5CVSS0.00266EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 4:47 a.m.7 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 4:47 a.m.48 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 4:47 a.m.19 views

CVE-2026-47309

Technical details for CVE-2026-47309 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/19 4:47 a.m.11 views

EUVD-2026-30839

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41828

Name of the Vulnerable Software and Affected Versions Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description Uncontrolled Recursion allows the processing of oversized serialized data payloads. Recommendations At the moment, there is no information about a newer version that contain...

7.5CVSS5.4AI score0.00266EPSS
Exploits0References6
OSV
OSV
added 2026/05/18 10:1 a.m.5 views

OPENSUSE-SU-2026:20776-1 Security update for valkey

This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...

8.8CVSS6.4AI score0.02995EPSS
Exploits4References10
SUSE Linux
SUSE Linux
added 2026/05/18 7:51 a.m.9 views

Security update for valkey

This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...

7.7CVSS6.5AI score0.02995EPSS
Exploits4References12
OSV
OSV
added 2026/05/18 7:51 a.m.4 views

SUSE-SU-2026:1949-1 Security update for valkey

This update for valkey fixes the following issues - CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. -...

8.8CVSS6.4AI score0.02995EPSS
Exploits4References7
Snyk
Snyk
added 2026/05/15 6:7 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the FileSystemTicketStore process. An attacker can read and unserialize files outside the intended directory, and conditionally delete files, by supplying crafted path traversal sequences in public CAS validation...

8.8CVSS6.3AI score0.00422EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.6 views

CVE-2026-7635

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...

8.1CVSS5.8AI score0.00481EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2026/05/11 3:56 p.m.30 views

Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

Impact Applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break ou...

6.1CVSS5.7AI score0.00205EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 8:29 p.m.10 views

Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/10 8:29 p.m.9 views

MAL-2026-3413 Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.10 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1CVSS6.3AI score0.00634EPSS
Exploits4References1
EUVD
EUVD
added 2026/05/08 9:31 a.m.47 views

EUVD-2025-209738

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1CVSS6.3AI score0.00634EPSS
Exploits4References3
NVD
NVD
added 2026/05/08 7:16 a.m.44 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1CVSS0.00634EPSS
Exploits4References2
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.8 views

Hard to Read, Easy to Jailbreak: How Visual Degradation Bypasses MLLM Safety Alignment

Recent advancements in visual context compression enable MLLMs to process ultra-long contexts efficiently by rendering text into images. However, we identify a critical vulnerability inherent to this paradigm: lowering image resolution inadvertently catalyzes jailbreaking. Our experiments reveal...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

6.3AI score0.00634EPSS
Exploits4References3
Rows per page
Query Builder