Lucene search
K

2245 matches found

RedHat Linux
RedHat Linux
added yesterday7 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
NVD
NVD
added 3 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 8:58 a.m.5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
OSV
OSV
added 2026/07/06 6:28 a.m.5 views

OESA-2026-2860 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2859 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: CMS...

2.9CVSS5.9AI score0.0011EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 4:16 p.m.7 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

6.1CVSS0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:58 p.m.7 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:58 p.m.16 views

CVE-2026-58030

Summary : CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...

6.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS0.00245EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 10:38 a.m.12 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
OSV
OSV
added 2026/06/26 12:30 a.m.3 views

MAL-2026-6493 Malicious code in prism-silq (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6bb3e8b0ded57991e21f137aac7c905348a83f6be7914c4da619c18d2acd280c The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/26 12:28 a.m.7 views

MAL-2026-6492 Malicious code in hexo-shoka-swiper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 62f045b55721408d94a92f5d65b58d69c98d3dc29d5f4f9327fb8edb4f85eaad The package ships a binding.gyp whose sources field uses GYP command-expansion syntax !... at line 6. npm implicitly runs node-gyp rebuild whenever a...

6.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52696

Name of the Vulnerable Software and Affected Versions Apache Kerby versions prior to 2.1.2 Description Sending a deeply nested ASN1 Abstract Syntax Notation One, a standard interface for describing data structures structure to a client or service can trigger a StackOverFlow Exception, resulting i...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:35 p.m.6 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.14 views

RHEL 9 : libtasn1 (RHSA-2026:28253)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28253 advisory. A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and...

7.5CVSS7.4AI score0.01109EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 11:12 p.m.8 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 6:18 p.m.4 views

UBUNTU-CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

2.9CVSS5.8AI score0.0011EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 6:17 p.m.86 views

CVE-2026-53753

CVE-2026-53753 affects Crawl4AI before version 0.8.7. The _safe_eval_expression() AST validator only blocks underscore-prefixed attributes, allowing access to generator/frame attributes (gi_frame, f_back, f_builtins) and enabling sandbox escape to achieve arbitrary code execution. The attack is u...

10CVSS6.2AI score0.0045EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder