Lucene search
+L

790 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45324

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS5.5AI score0.00489EPSS
Exploits0References4
Qualys Blog
Qualys Blog
added 5 days ago16 views

Microsoft and Adobe Patch Tuesday, July 2026 Security Update Review

Microsoft's July 2026 Patch Tuesday delivers security updates for a broad range of products and services, including several vulnerabilities that pose significant risks to enterprise environments. As attackers continue to target unpatched systems, the timely deployment of these updates remains one...

9.8CVSS7.5AI score0.20346EPSS
Exploits1
OSV
OSV
added 5 days ago3 views

ROOT-OS-UBUNTU-2204-CVE-2026-23085 CVE-2026-23085 in rootio-linux - Patched by Root

Root has patched CVE-2026-23085 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
CVE
CVE
added 6 days ago10 views

CVE-2026-15522

The CVE-2026-15522 entry concerns the tugcantopaloglu godot-mcp package, version 2.0.0. Affected is the function validatePath in build/index.js (component run_project); manipulating the argument projectPath enables path traversal. Exploitation requires local access, and a public exploit has been ...

5.3CVSS5.9AI score0.00137EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-51541

OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in CIP message parsing when handling malformed explicit requests with a forged EPath size. An attacker can send a valid ENIP SendRRData frame carrying a very short CIP payload whose pathsize field claims that many more path words are...

0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/10 3:12 a.m.6 views

SUSE CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS6.1AI score0.00307EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/10 12:31 a.m.8 views

EUVD-2026-42721

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...

5.3CVSS6AI score0.00238EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 4:30 p.m.27 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
OSV
OSV
added 2026/07/09 9:26 a.m.2 views

CLEANSTART-2026-OV19069 Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-27145, CVE-2026-32280, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, ghsa-p77j-4mvh-x3m3 applied in versions: 2.3.0-r1

Multiple security vulnerabilities affect the mountpoint-s3-csi-driver package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS6.8AI score0.01557EPSS
Exploits1References64
NVD
NVD
added 2026/07/08 5:17 p.m.9 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS0.00366EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 11:34 a.m.7 views

BIT-PILLOW-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS5.9AI score0.00364EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py loadbitmaps read glyph dimensions from the PCF METRICS section and passed them directly ...

7.5CVSS6.4AI score0.00354EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/06 6:52 p.m.6 views

EUVD-2026-41902

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 6:52 p.m.5 views

CVE-2026-55379

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:50 p.m.10 views

Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References4
EUVD
EUVD
added 2026/07/02 11:15 a.m.9 views

EUVD-2026-41302

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 2:25 p.m.21 views

CVE-2026-58399

The CVE affects @acastellon/auth (authentication control for microservices). Versions

8.7CVSS5.8AI score0.00543EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:34 p.m.20 views

CVE-2025-12530

IBM watsonx.data intelligence CVE-2025-12530 affects 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch-1, where data is transmitted in clear text, enabling potential MITM access to sensitive information. The connected sources provide the affected versions and the clear-text transmission root cause; no...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:19 p.m.36 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:18 p.m.8 views

EUVD-2025-210379

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS5.8AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder