Lucene search
+L

796 matches found

CVE
CVE
added 2 days ago18 views

CVE-2026-48819

CVE-2026-48819 affects the Hey API openapi-ts code generator. Prior to version 0.97.3, the generated template in dist/clients/core/params.ts copies a runtime template into SDKs (params.gen.ts). The function buildClientParams writes unknown keys with slot prefixes (notably $query_) directly into s...

4.8CVSS5.3AI score0.00352EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48819 Hey API: `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key

Hey API is an ecosystem for turning API specifications into production-ready code. Prior to 0.97.3, dist/clients/core/params.ts ships a runtime template copied into generated SDKs as params.gen.ts, and buildClientParams writes unknown slot-prefixed keys such as $body, $headers, $path, and $query...

4.8CVSS0.00352EPSS
Exploits0References4
NVD
NVD
added 2 days ago8 views

CVE-2026-49212

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier props vs propsFromParent, or request contex...

6.9CVSS0.0018EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-49212 Symfony UX: LiveComponentHydrator HMAC checksum lacks component and slot binding

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, the HMAC computed by Symfony\UX\LiveComponent\LiveComponentHydrator covered only sorted prop key/value pairs and did not include the component name, the slot identifier props vs propsFromParent, or request contex...

6.9CVSS0.0018EPSS
Exploits0References4
CVE
CVE
added 2 days ago28 views

CVE-2026-49212

The CVE-2026-49212 issue affects Symfony UX LiveComponent: the HMAC used to protect read-only props and the propsFromParent blob did not bind to component name, slot, or request context, allowing a signed blob for one component/slot to be replayed on another and potentially set a read-only prop. ...

6.9CVSS5.2AI score0.0018EPSS
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2026-44434

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit dccf5d4, Quicly was vulnerable to stateless reset injection through lack of packet entry validation. The QUIC protocol is designed to withstand packet injection attacks, once the...

5.3CVSS0.00147EPSS
Exploits0References2
OSV
OSV
added 5 days ago6 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
OSV
OSV
added 2026/07/09 12:49 p.m.2 views

OESA-2026-2898 graphite2 security update

Graphite is a system that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors. A smart font contains not only letter shapes but also additional instructions indicating how to combine and position the letters in complex ways. Security Fixes:...

7.3CVSS6.1AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2026/07/04 12:17 p.m.8 views

UBUNTU-CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

8.8CVSS6AI score0.0012EPSS
Exploits5References10
Cvelist
Cvelist
added 2026/07/04 11:51 a.m.116 views

CVE-2026-53359 KVM: x86: Fix shadow paging use-after-free due to unexpected role

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

8.8CVSS0.0012EPSS
Exploits5References6
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-55206

Name of the Vulnerable Software and Affected Versions @hey-api/openapi-ts versions prior to 0.97.3 Description An issue exists in the dist/clients/core/params.ts file, which is used as a runtime template in generated SDKs. The buildClientParams function fails to validate unknown keys that start...

4.8CVSS5.4AI score0.00352EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 1:16 p.m.2 views

rpm: heap buffer overflow in NDB slot table parsing

No description is available for this CVE...

6.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 1:29 a.m.10 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded 0 for PFs and pcislotnamepdev-slot...

5.5CVSS6AI score0.00115EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.10 views

SUSE CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.8AI score0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/26 2:15 p.m.11 views

Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/06/26 2:15 p.m.8 views

MAL-2026-6525 Malicious code in ts-einkle-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f565a21645ed6a288a820dea60e648589a5cca95a91b2c90720f3d2bcadca73b Package is published as ts-einkle-slot but its tarball contents source, README, LICENCE, package.json author/repository/description are copied verbat...

5.8AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 7:47 a.m.10 views

CVE-2026-53277

A flaw was found in the Kernel-based Virtual Machine KVM component of the Linux kernel on arm64 architectures. This vulnerability occurs because certain page table walk operations, used in fault injection and Address Translation AT emulation, do not properly acquire a Sleepable Read-Copy Update...

8.8CVSS5.8AI score0.00114EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.6 views

SUSE CVE-2026-52969

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

7.8CVSS5.8AI score0.00152EPSS
Exploits0References13
Rows per page
Query Builder