Lucene search
K

241 matches found

OSV
OSV
added 2026/07/01 7:1 p.m.3 views

GHSA-HWPP-H97W-2H3J repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.9CVSS6.1AI score0.00028EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated...

6.9CVSS6AI score0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.4 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.8 views

EUVD-2026-38439

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

5.8AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.43 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS0.00257EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51512

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A memory leak exists in coders/txt.c during the processing of TXT files containing texture attributes. The issue occurs because the texture object...

6.9CVSS5.8AI score0.00257EPSS
Exploits0References86
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.16 views

PT-2026-49073

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists in the SetElement method of the abrt-dbus D-Bus service. A TOCTOU race condition occurs when a program checks a condition such as a...

7.8CVSS5.6AI score0.00103EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS5.5AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 6:16 p.m.19 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS0.00298EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 12:0 a.m.29 views

CVE-2026-30691

CVE-2026-30691 affects @cyntler/react-doc-viewer v1.17.1. TXTRenderer improperly sanitizes .txt content and casts raw data as a ReactNode, enabling Cross-Site Scripting (XSS) via crafted files. Impact: remote attacker can execute arbitrary JavaScript. No remediation details provided in the docume...

6.1CVSS6.1AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 2:25 p.m.17 views

MAL-2026-3214 Malicious code in renderkitcore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a66bf58bff553ec613604164eb60adcb89fcde468491b746838a6e2c18b0e3a0 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/01 2:14 p.m.12 views

Malicious code in funkratov-renderkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78b5f3b4a8756df49b4a5eb41647e9dd20328da005f95869f81447355e2f7880 Package is prepared to exfiltrate .log and .txt files to the target already associated with exfiltrating sensitive data. --- Category: MALICIOUS - The campaign...

5.9AI score
Exploits0References4
Fedora
Fedora
added 2026/04/25 1:55 a.m.6 views

[SECURITY] Fedora 44 Update: qt6-qtpositioning-6.10.3-1.fc44

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...

5.3AI score
Exploits0
Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the /api/resources endpoint, bypassing the intended download permission...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/08 12:5 a.m.5 views

EUVD-2026-19780

File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check...

5.3CVSS5.9AI score0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/04/07 5:16 p.m.6 views

CVE-2026-35606

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

7.5CVSS0.00274EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 4:29 p.m.2 views

CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

5.3CVSS5.9AI score0.00274EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 4:29 p.m.22 views

CVE-2026-35606 File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

5.3CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 4:16 p.m.2 views

CVE-2026-35487

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadprompt allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability...

5.3CVSS0.00263EPSS
Exploits0References1
Rows per page
Query Builder