Lucene search
K

1337 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 4 days ago6 views

CVE-2026-48955 Joomla! Core - [20260709] - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42066

An improper access check allows unauthorized users to access workflow stage and transition information...

6.4CVSS6AI score0.00208EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...

3.2CVSS5.9AI score0.00181EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

pnpm 11.3.x < 11.5.3 Stage Download Path Traversal (CVE-2026-55700)

The version of pnpm installed on the remote host is 11.3.x prior to 11.5.3. It is, therefore, affected by a path traversal vulnerability: - From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could...

7.1CVSS6AI score0.00267EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/02 3:45 p.m.7 views

CVE-2026-55700

A flaw was found in pnpm, a package manager. A remote attacker could exploit a vulnerability in the pnpm stage download command by providing a specially crafted package manifest. This could allow the attacker to write files to arbitrary locations on the system, leading to unauthorized modificatio...

7.1CVSS6AI score0.00267EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/01 12:13 p.m.5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/30 12:0 a.m.7 views

MAL-2026-6691 Malicious code in polymarket-clob-maths (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession function that runs a...

5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.8 views

SUSE CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS5.9AI score0.00106EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:47 p.m.9 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:47 p.m.34 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 4:47 p.m.16 views

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53145

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS0.00106EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.35 views

CVE-2026-53145 drm/gem: Try to fix change_handle ioctl, attempt 4

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

7.8CVSS0.00106EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39236

In the Linux kernel, the following vulnerability has been resolved: drm/gem: Try to fix changehandle ioctl, attempt 4 airlied: just added some comments on how to reenable On-list because the cat is out of the bag and we're clearly not good enough to figure this out in private. The story thus far:...

5.9AI score0.00106EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53145

Summary of CVE-2026-53145 (Linux kernel drm/gem change_handle race) : A race between gem_close and gem_change_handle ioctls in the DRM GEM subsystem was addressed but not cleanly fixed initially. The root cause involved confusion around the local handle variable (which is the new handle) and seve...

7.8CVSS5.9AI score0.00106EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52525

Name of the Vulnerable Software and Affected Versions pnpm versions 11.3.0 through 11.5.2 Description The pnpm stage download command derives a local filename using package name and version fields controlled by the registry. A crafted manifest can lead to a path traversal, allowing an attacker to...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.24 views

Malicious code in leo-streams (npm)

The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.10 views

Malicious code in leo-cron (npm)

The leo-cron npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.9AI score
Exploits0References3
Rows per page
Query Builder