
119 matches found

ATTACKERKB
added 2026/06/26 8:36 p.m. | 7 views

CVE-2026-50136

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require...

CVSS 7.4 | AI score 5.8 | EPSS 0.0029
Exploits: 1 | References: 2 | Affected Software: 1

Oracle linux
added 2026/06/23 12:0 a.m. | 5 views

python3.9 security update

3.9.25-7.0.1 - Remove upstream URL reference 3.9.25-7 - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 3.9.25-6 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 3.9.25-5 - Rebuilding previous fixes for different build target Related: RHEL-143117,...

CVSS 5.9 | AI score 7.1 | EPSS 0.00463
Exploits: 0

OSV
added 2026/06/09 7:55 a.m. | 10 views

MAL-2026-5354 Malicious code in defi-tools-39 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...

AI score 5.6
Exploits: 0 | References: 2

OSV
added 2026/06/07 7:24 p.m. | 5 views

MINI-GFX8-XPFW-RC39

Bulletin has no description...

CVSS 5.3 | AI score 5.2 | EPSS 0.00313
Exploits: 0

OSV
added 2026/06/05 12:47 p.m. | 2 views

MINI-526Q-5PHR-8X39

Bulletin has no description...

CVSS 7.5 | AI score 5.2 | EPSS 0.0056
Exploits: 0

OSV
added 2026/06/04 12:17 p.m. | 6 views

MINI-GJ5M-278V-39HP

Bulletin has no description...

CVSS 6.5 | AI score 5.7 | EPSS 0.00248
Exploits: 0

NVD
added 2026/05/27 6:16 p.m. | 14 views

CVE-2026-48151

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...

CVSS 7.5 | EPSS 0.00224
Exploits: 0 | References: 1

CVE
added 2026/05/27 4:52 p.m. | 21 views

CVE-2026-48153

Budibase: CVE-2026-48153 affects Budibase before 3.39.0. The OAuth2 SDK’s fetchToken makes a POST to a builder-supplied URL using plain node-fetch and bypasses the isBlacklisted outbound-fetch path check, and the OAuth2 URL Joi schema has no scheme/host restrictions. This enables SSRF to reach in...

CVSS 8.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 1

NVD
added 2026/05/22 8:16 p.m. | 11 views

CVE-2026-40610

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.38 and prior, the build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento...

CVSS 5.5 | EPSS 0.00284
Exploits: 1 | References: 3

RedhatCVE
added 2026/05/13 8:23 p.m. | 9 views

CVE-2026-43992

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 1

EUVD
added 2026/05/12 4:25 p.m. | 8 views

EUVD-2026-29541

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00225
Exploits: 0 | References: 3

Chainguard
added 2026/05/12 1:17 p.m. | 12 views

GHSA-QCCP-GFCP-XXVC vulnerabilities

Vulnerabilities for packages: azureml-inference-server-http, authentik-fips, datahub-ingestion-fips, spamcheck, datahub-ingestion, ansible-operator, azure-functions-host, dbt-snowflake, gitlab-cng-fips, localstack, mlflow, py3-cassandra-medusa, datadog-agent, py3-pip, airflow-core, label-studio,...

AI score 5.9
Exploits: 0

OpenVAS
added 2026/04/15 12:0 a.m. | 8 views

SUSE: Security Advisory (SUSE-SU-2026:1296-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.8 | EPSS 0.00621
Exploits: 0 | References: 7

NVD
added 2026/04/14 3:16 p.m. | 6 views

CVE-2025-69893

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

CVSS 4.6 | EPSS 0.00246
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/14 12:0 a.m. | 4 views

CVE-2025-69893

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

AI score 6 | EPSS 0.00246
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/14 12:0 a.m. | 12 views

PT-2026-32627

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

CVSS 4.6 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 4

CVE
added 2026/04/14 12:0 a.m. | 7 views

CVE-2025-69893

CVE-2025-69893 describes a side-channel vulnerability in BIP-39 mnemonic processing observed in Trezor hardware wallets (One v1.13.0–v1.14.0, T v1.13.0–v1.14.0, Safe v1.13.0–v1.14.0). The root cause is non-constant time execution and specific branch patterns during word search dictated by the BIP...

CVSS 4.6 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 1

SUSE Linux
added 2026/04/13 12:32 p.m. | 8 views

Security update for python39

This update for python39 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives bsc1259611. CVE-2026-3644: incomplete control character validation in http.cookies can lead to input...

CVSS 8.2 | AI score 5.9 | EPSS 0.00621
Exploits: 0 | References: 16

EUVD
added 2026/04/08 12:12 a.m. | 9 views

EUVD-2026-19728

Emissary has GitHub Actions Shell Injection via Workflow Inputs...

CVSS 9.1 | AI score 5.9 | EPSS 0.00566
Exploits: 1 | References: 4

ATTACKERKB
added 2026/04/07 3:56 p.m. | 3 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

CVSS 7.2 | AI score 5.9 | EPSS 0.00563
Exploits: 1 | References: 2 | Affected Software: 1