
15743 matches found

Positive Technologies
added 2026/06/26 12:0 a.m., 8 views

PT-2026-52845

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.32. Description: A Denial of Service (DoS) issue exists in the AITextSummarizerBlock component. This occurs because the system allows input amplification, where a relatively small amount of content can lead to excessi...

CVSS: 5.3; AI score: 5.8; EPSS: 0.00247
Exploits: 0; References: 5

ATTACKERKB
added 2026/06/26 12:0 a.m., 5 views

CVE-2026-50765

A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allows an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label...

CVSS: 6.1; AI score: 5.8; EPSS: 0.00228
Exploits: 1; References: 3

Positive Technologies
added 2026/06/26 12:0 a.m., 7 views

PT-2026-52846

Name of the Vulnerable Software and Affected Versions: AutoGPT versions prior to 0.6.32. Description: AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. A Denial of Service (DoS) issue exists in the ExtractTextInformationBlock...

CVSS: 5.3; AI score: 5.8; EPSS: 0.00247
Exploits: 0; References: 5

Debian
added 2026/06/25 6:27 p.m., 3 views

[SECURITY] [DLA 4648-1] libtext-csv-xs-perl security update

Debian LTS Advisory DLA-4648-1
https://www.debian.org/lts/security/
Guilhem Moulin, June 25, 2026
https://wiki.debian.org/LTS
Package: libtext-csv-xs-perl
Version: 1.45-1+deb11u1, 1.49-1+deb12u1
CVE ID: CVE-2026-7111
Debian Bug: 1135232
A use-after-free issue was fou...

CVSS: 8.4; AI score: 5.7; EPSS: 0.00158
Exploits: 0

NVD
added 2026/06/25 6:16 p.m., 7 views

CVE-2026-55487

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

CVSS: 8.8; EPSS: 0.00118
Exploits: 1; References: 1

NVD
added 2026/06/25 5:16 p.m., 7 views

CVE-2026-54025

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

CVSS: 5.4; EPSS: 0.0014
Exploits: 1; References: 1

ATTACKERKB
added 2026/06/25 4:41 p.m., 4 views

CVE-2026-55487

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

CVSS: 7.5; AI score: 5.9; EPSS: 0.00118
Exploits: 1; References: 2; Affected Software: 1

NVD
added 2026/06/25 4:16 p.m., 7 views

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVSS: 6.8; EPSS: 0.00119
Exploits: 0; References: 3

NVD
added 2026/06/25 4:16 p.m., 8 views

CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS: 6.1; EPSS: 0.00113
Exploits: 0; References: 3

Cvelist
added 2026/06/25 3:53 p.m., 27 views

CVE-2026-54025 LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

CVSS: 5.4; EPSS: 0.0014
Exploits: 1; References: 1

EUVD
added 2026/06/25 3:53 p.m., 4 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

CVSS: 5.4; AI score: 6; EPSS: 0.0014
Exploits: 1; References: 1

CVE
added 2026/06/25 3:53 p.m., 9 views

CVE-2026-54025

LibreChat suffers a stored XSS in its Markdown artifact preview prior to version 0.8.4-rc1. The vulnerability arises because LibreChat uses marked v15.0.12 to render image alt text without HTML-escaping double quotes when the custom image renderer defers to the default renderer. LibreChat’s generate...

CVSS: 5.4; AI score: 6; EPSS: 0.0014
Exploits: 1; References: 1; Affected Software: 1

CVE
added 2026/06/25 3:28 p.m., 19 views

CVE-2026-57451

Vim CVE-2026-57451 affects Vim up to version 9.2.0670. The issue in get_text_props() (src/textprop.c) reads a uint16 property count inline after a line’s text and treats it as the number of 32-byte textprop_T entries that follow. The only boundary check is a floor for a single entry, and the coun...

CVSS: 6.1; AI score: 5.9; EPSS: 0.00113
Exploits: 0; References: 3; Affected Software: 1

EUVD
added 2026/06/25 3:28 p.m., 5 views

EUVD-2026-39449

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS: 5.3; AI score: 5.9; EPSS: 0.00113
Exploits: 0; References: 3

Cvelist
added 2026/06/25 3:28 p.m., 36 views

CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS: 5.3; EPSS: 0.00113
Exploits: 0; References: 3

AlpineLinux
added 2026/06/25 3:28 p.m., 7 views

CVE-2026-57451

Vim is an open source, command line text editor. Prior to 9.2.0670, get_text_props in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textprop_T entries that follow. The only check is a floor that guarantees room for a single...

CVSS: 6.1; AI score: 5.9; EPSS: 0.00113
Exploits: 0; References: 3

Cvelist
added 2026/06/25 3:24 p.m., 37 views

CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVSS: 6.8; EPSS: 0.00119
Exploits: 0; References: 3

ATTACKERKB
added 2026/06/25 3:24 p.m., 4 views

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...

CVSS: 6.8; AI score: 5.8; EPSS: 0.00119
Exploits: 0; References: 4; Affected Software: 1

CVE
added 2026/06/25 3:24 p.m., 16 views

CVE-2026-57454

Vim vulnerability CVE-2026-57454 affects 9.2.0320–9.2.0679. A crafted undo or swap file can store a virtual-text property with offset/length outside the line’s property data. On restore/display, Vim converts the offset to a pointer and reads the virtual text without bounds checking, causing an ou...

CVSS: 6.8; AI score: 5.8; EPSS: 0.00119
Exploits: 0; References: 3; Affected Software: 1

NVD
added 2026/06/25 2:16 a.m., 13 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

CVSS: 9.8; EPSS: 0.00675
Exploits: 0; References: 1