Lucene search
K

4586 matches found

Nuclei
Nuclei
added 3 days ago162 views

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

9CVSS7.2AI score0.99977EPSS
Exploits40References5
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-38358

pypdf: Possible infinite loop when processing threads/articles in writer...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References4
NVD
NVD
added 5 days ago8 views

CVE-2026-59215

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS0.00257EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59215 Open WebUI: Private channel messages can be disclosed through cross-channel thread parent_id binding

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS0.00257EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59215

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, channel thread parent and reply handling did not bind parentid to the channel in the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose...

3.1CVSS5.9AI score0.00257EPSS
Exploits0References5Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-59215

Open WebUI prior to 0.10.0 contains a cross-channel thread context exposure bug: channel thread parent_id binding did not bind to the URL, allowing an authenticated user to reference a message from another private or DM channel and disclose thread context across channels. The issue is fixed in ve...

3.1CVSS5.9AI score0.00257EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago36 views

CVE-2025-58146

CVE-2025-58146 affects Xen/XAPI: three issues in UTF-8 handling and input sanitisation of XAPI database. (1) Unsanitised input used for notifications can terminate the database event thread and stop processing. (2) UTF-8 encoder aligns with Unicode v3.0 while libraries use v3.1, allowing strings ...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago5 views

Moderate: Red Hat Security Advisory: perl:5.32 security update

An update for the perl:5.32 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

5.9CVSS6AI score0.0037EPSS
Exploits0References2
OSV
OSV
added last week4 views

PYSEC-2026-1563 LlamaIndex Improper Handling of Exceptional Conditions vulnerability

A vulnerability in the LangChainLLM class of the run-llama/llamaindex repository, version v0.12.5, allows for a Denial of Service DoS attack. The streamcomplete method executes the llm using a thread and retrieves the result via the getresponsegen method of the StreamingGeneratorCallbackHandler...

7.5CVSS7.2AI score0.00761EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 6:53 p.m.6 views

Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/07/06 6:53 p.m.5 views

MAL-2026-6848 Malicious code in log-format-thread (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e034e855661cc792a14908c613b0d3ae31917a99927ddf0db29b1ae173df0cd Package advertises itself as a log formatter but exposes an undocumented threadContent option on createLogger that is forwarded to a worker thread...

6.4AI score
Exploits0References3
OSV
OSV
added 2026/07/06 8:48 a.m.5 views

USN-8508-1 linux-nvidia-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - GP...

9.8CVSS6.2AI score0.00817EPSS
Exploits9References85
NVD
NVD
added 2026/07/04 2:16 p.m.10 views

CVE-2026-14629

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/04 1:15 p.m.28 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/04 1:15 p.m.8 views

CVE-2026-14629

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 1:15 p.m.8 views

EUVD-2026-41674

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
CVE
CVE
added 2026/07/04 1:15 p.m.17 views

CVE-2026-14629

RT-Thread up to 5.2.2 contains a vulnerability in the Parameter Handler’s lwp_syscall.c, affecting the read/write/sys_ioctl functions. The root cause is a divide-by-zero condition, exploitable remotely. The exploit has been published, and a patch is pending acceptance via a pull request. No remed...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.14 views

PT-2026-55706

Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.2.3 Description A flaw in the Parameter Handler component allows a remote attacker to cause a divide by zero error. This issue occurs within the read, write, and sys ioctl functions located in the components/lwp/l...

5.3CVSS6AI score0.00309EPSS
Exploits0References13
NVD
NVD
added 2026/07/03 8:16 p.m.11 views

CVE-2026-14605

A vulnerability was identified in RT-Thread up to 5.0.2. Affected by this vulnerability is the function recvmsg in the library bsp/loongson/ls1cdev/libraries/ls1ccan.h of the component ls1c CAN Handler. Such manipulation leads to stack-based buffer overflow. Local access is required to approach...

8.5CVSS0.00141EPSS
Exploits0References6
NVD
NVD
added 2026/07/03 8:16 p.m.8 views

CVE-2026-14606

A security flaw has been discovered in RT-Thread up to 5.0.2. Affected by this issue is the function CANReceive in the library bsp/synwit/libraries/SWM341CSL/CMSIS/DeviceSupport/SWM341.h of the component SWM341 CAN Handler. Performing a manipulation results in stack-based buffer overflow. The...

8.5CVSS0.00141EPSS
Exploits0References6
Rows per page
Query Builder