Lucene search
K

1693 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: The fs and lock operations during checks for active status. The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from the hardware, set the hardware deletion function to NULL...

5.5CVSS6.2AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2025-32424

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 4:20 p.m.17 views

CVE-2025-32437

CVE-2025-32437 affects AutoGPT prior to 0.6.63, specifically the MediaDurationBlock. The issue arises because MediaDurationBlock downloads and stores videos in a temporary directory without proper deletion, and StepThroughItemsBlock can iterate MediaDurationBlock multiple times, with no limit on ...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 4:12 p.m.17 views

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

8.7CVSS0.00276EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 4:12 p.m.14 views

CVE-2025-32422

AutoGPT contains a DoS vulnerability in StepThroughItemsBlock leading to disk exhaustion via unbounded downloads to FileStoreBlock. Before version 0.6.63, StepThroughItemsBlock can iterate over an arbitrary list and trigger downloads to FileStoreBlock without limiting loop count, while FileStoreB...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Wiz blog
Wiz blog
added 2026/06/17 2:33 p.m.15 views

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

5.2AI score
Exploits0
NVD
NVD
added 2026/06/16 10:16 a.m.7 views

CVE-2026-39437

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.6 views

EUVD-2026-37044

Unauthenticated Cross Site Scripting XSS in Min Max Step Quantity Limits Manager for WooCommerce = 5.2.2 versions...

7.1CVSS5.2AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.18 views

CVE-2026-39437

The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...

7.1CVSS5.1AI score0.00142EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.9 views

SUSE CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3CVSS5.8AI score0.00135EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:1 a.m.13 views

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

...

5.3CVSS5.3AI score0.00135EPSS
Exploits0
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-44976

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 3:8 p.m.10 views

EUVD-2026-32594

Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step...

5.1CVSS5.2AI score0.00329EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:38 p.m.11 views

CVE-2026-44976 Frappe: IDOR in update_onboarding_step

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS5.3AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:38 p.m.31 views

CVE-2026-44976

CVE-2026-44976 affects the Frappe web framework. The vulnerability is described as an IDOR in the “update_onboarding_step” function, allowing any user to modify any field in any Onboarding Step record prior to version 16.17.4. The issue is explicitly patched in version 16.17.4. The available conn...

5.3CVSS5.3AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:38 p.m.9 views

EUVD-2026-36493

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS5.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:38 p.m.26 views

CVE-2026-44976 Frappe: IDOR in update_onboarding_step

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

5.3CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 10:0 a.m.33 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
Rows per page
Query Builder