Lucene search
K

124 matches found

Github Security Blog
Github Security Blog
added 2 days ago5 views

Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score
Exploits0References6Affected Software1
OSV
OSV
added 3 days ago9 views

ROOT-OS-UBUNTU-2404-CVE-2026-43495 CVE-2026-43495 in rootio-linux - Patched by Root

Root has patched CVE-2026-43495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.8CVSS5.8AI score0.00272EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

7.3CVSS0.0018EPSS
Exploits1References1
Fedora
Fedora
added 2026/06/21 1:1 a.m.4 views

[SECURITY] Fedora 44 Update: kubernetes1.34-1.34.9-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/11 1:18 p.m.6 views

GHSA-5PG7-F6XV-J6M4 vulnerabilities

Vulnerabilities for packages: libcrypto3-2.34, openssl...

5.9AI score
Exploits0
OSV
OSV
added 2026/06/05 10:43 a.m.5 views

MINI-5V34-7RFR-7687

Bulletin has no description...

6.1CVSS5.1AI score0.00178EPSS
Exploits0
NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS0.00162EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...

5.5CVSS6.4AI score0.01156EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 1:33 p.m.3 views

MINI-M353-5CHP-34QP

Bulletin has no description...

7.5CVSS5.7AI score0.00781EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/08 1:35 p.m.39 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.21 views

PT-2026-39003

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References11
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.10 views

LCC-LLM: Leveraging Code-Centric Large Language Models for Malware Attribution

LLMs are increasingly explored for malware analysis; however, current LLM-based malware attribution remains limited by unsupported indicators and insufficient code-level grounding for identifying malicious and vulnerable code segments. To address these limitations, this research introduces LCC-LL...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.17 views

PT-2026-39005

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...

7.5CVSS6AI score0.26799EPSS
Exploits3References65
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 9:17 p.m.5 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS0.00293EPSS
Exploits1References1
CVE
CVE
added 2026/03/26 8:27 p.m.13 views

CVE-2026-33541

CVE-2026-33541 affects TSPortal prior to version 34. A validation logic side effect allowed creation of arbitrary user records in the database, as invalid usernames were supposed to be rejected but a side effect caused records to be created regardless of request success, enabling uncontrolled dat...

6.5CVSS5.8AI score0.00293EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 8:27 p.m.2 views

CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 8:27 p.m.9 views

CVE-2026-33541 TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS6AI score0.00293EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.13 views

PT-2026-28493

Name of the Vulnerable Software and Affected Versions TSPortal versions prior to 34 Description TSPortal, the WikiTide Foundation’s in-house platform used by the Trust and Safety team, was found to have a flaw that allowed attackers to create arbitrary user records in the database. This was...

6.5CVSS6AI score0.00293EPSS
Exploits1References6
Rows per page
Query Builder