Lucene search
K

10980 matches found

EUVD
EUVD
added 2026/06/25 3:0 p.m.5 views

EUVD-2026-39432

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS6.4AI score0.00342EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 p.m.7 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:16 p.m.30 views

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:16 p.m.8 views

EUVD-2026-39388

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:16 p.m.8 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 1:16 p.m.5 views

CVE-2026-42389

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0
CVE
CVE
added 2026/06/25 1:16 p.m.15 views

CVE-2026-42389

CVE-2026-42389 fixes an issue by adding extra hardening in the 5.4.x branch through enhanced validation of incoming answers from authoritative servers (no exploited details provided in the documents).

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38826

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...

5.7AI score0.00544EPSS
Exploits0References9
NVD
NVD
added 2026/06/23 5:16 p.m.8 views

CVE-2026-12958

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 5:16 p.m.13 views

CVE-2026-12957

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:3 p.m.30 views

CVE-2026-12958 Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 4:3 p.m.11 views

EUVD-2026-38489

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS6AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 4:3 p.m.25 views

CVE-2026-12958

CVE-2026-12958 affects Language Servers for AWS due to missing symlink validation, allowing arbitrary file write outside the workspace trust boundary when a user opens a workspace containing a crafted symlink. The issue is reported across multiple sources (CVE entry, NVD, and related databases). ...

8.5CVSS6AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 4:2 p.m.21 views

EUVD-2026-38488

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS6.1AI score0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:2 p.m.67 views

CVE-2026-12957 Arbitrary Code Execution in Language Servers for AWS

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:2 p.m.6 views

CVE-2026-12957

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS6.1AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51547

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.65.0 Description Improper trust boundary enforcement in the Model Context Protocol MCP server configurations within Amazon Q Developer allows for arbitrary code execution. If a local user opens a...

8.5CVSS6.4AI score0.00118EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51548

Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.69.0 Description Missing symlink validation may allow an arbitrary file write outside of the workspace trust boundary. This occurs when a local user opens a workspace containing a maliciously crafte...

8.5CVSS5.9AI score0.00142EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:57 p.m.5 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2026/06/22 11:58 a.m.10 views

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security...

10CVSS7AI score0.99945EPSS
Exploits46
Rows per page
Query Builder