Lucene search
K

1808 matches found

Veracode
Veracode
added 2026/06/15 7:20 a.m.9 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.8 views

OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

5.3AI score0.0004EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/11 1:27 p.m.6 views

GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

8.8CVSS5.3AI score0.0004EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

openSUSE 16 Security Update : sshfs (openSUSE-SU-2026:20915-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20915-1 advisory. Changes in sshfs: - Update to 3.7.6: - Added new maintainer: abhinavagarwal07 Abhinav Agarwal - CVE-2026-47187: Fixed critical vulnerability -...

5.7AI score0.00031EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:31 a.m.9 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.8 views

PI-Hunter: Automated Red-Teaming for Exposing and Localizing Prompt Injections

Large Language Models LLMs are rapidly evolving into agentic systems that interact with external tools and environments, introducing new security risks such as indirect prompt injection attacks through untrusted external sources. Existing defenses mainly focus on blocking malicious content at...

5.4AI score
Exploits0
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contain a path traversal vulnerability. This vulnerability stems from the use of metagroup tests instead of substring containment in path traversal checks,...

8.1CVSS5.3AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:46 p.m.34 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:46 p.m.16 views

CVE-2026-40991

The CVE-2026-40991 issue affects Spring REST Docs: 4.0.0; 3.0.0–3.0.5; and 2.0.0.RELEASE–2.0.8.RELEASE. When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote HTTP API, an attacker who compromises the API or tricks a user into documenting a malicious API can ...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.9 views

SUSE CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

5.5CVSS5.3AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48306

Name of the Vulnerable Software and Affected Versions Spring REST Docs version 4.0.0 Spring REST Docs versions 3.0.0 through 3.0.5 Spring REST Docs versions 2.0.0.RELEASE through 2.0.8.RELEASE Description An XXE XML External Entity injection attack can occur when using spring-restdocs-webtestclie...

5.9CVSS6AI score0.00223EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.8 views

CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS0.00126EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 5:16 p.m.17 views

UBUNTU-CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

9.8CVSS5.4AI score0.00457EPSS
Exploits0References8
OSV
OSV
added 2026/06/08 5:16 p.m.5 views

UBUNTU-CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS5.3AI score0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.39 views

CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

7.8CVSS0.00126EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 3:41 p.m.9 views

EUVD-2026-35145

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

5.4AI score0.00126EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 3:41 p.m.19 views

CVE-2026-46280

CVE-2026-46280 affects the Linux kernel in the HMM selftest path for device memory (dmirror) handling. The root cause is in dmirror_fops_release(), which frees the dmirror struct without migrating device-private pages back to system memory, leaving a stale zone_device_data pointer. If a fault occ...

7.8CVSS5.4AI score0.00126EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib: testhmm: evict device pages on file close to avoid use-after-free Patch series Minor hmmtest fixes and cleanups. Two bugfixes a cleanup for the HMM kernel...

7.8CVSS5.9AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47361

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.3 through 6.5 Description Issues exist in the extract kvec to sg function within the scatterlist library. When extracting from a kvec to a scatterlist, the length for an sglist entry can exceed the number of bytes in th...

9.8CVSS5.5AI score0.00457EPSS
Exploits1References65
GithubExploit
GithubExploit
added 2026/06/06 12:47 a.m.57 views

ccdd-poc

ccdd-poc — ¿Dónde está el límite de un solucionador de issues...

5.4AI score
Exploits0
Rows per page
Query Builder