16557 matches found

Cvelist (added 4 days ago, 33 views)

CVE-2026-13501 antlr ANTLR4 gofmt GoTarget.java GoTarget command injection

A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerability is the function GoTarget of the file tool/src/org/antlr/v4/codegen/target/GoTarget.java of the component gofmt. The manipulation leads to command injection. The attack can only be performed fro...

CVSS 5.3 | EPSS 0.00678
Exploits: 0 | References: 5

EUVD (added 6 days ago, 10 views)

EUVD-2026-36598

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwtsecretkey...

CVSS 9.1 | AI score 5.8 | EPSS 0.00451
Exploits: 1 | References: 2

EUVD (added 6 days ago, 7 views)

EUVD-2026-36600

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context...

CVSS 6.4 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 2

EUVD (added 6 days ago, 10 views)

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

CVSS 5.3 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 3

NVD (added 6 days ago, 5 views)

CVE-2026-55441

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

CVSS 8.6 | EPSS 0.00184
Exploits: 0 | References: 1

NVD (added 6 days ago, 6 views)

CVE-2026-55448

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...

CVSS 6.3 | EPSS 0.00159
Exploits: 0 | References: 1

NVD (added 6 days ago, 10 views)

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVSS 5.5 | EPSS 0.00175
Exploits: 0 | References: 1

NVD (added 6 days ago, 10 views)

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

CVSS 9.6 | EPSS 0.00685
Exploits: 0 | References: 1

ATTACKERKB (added 6 days ago, 7 views)

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

CVSS 9.6 | AI score 6 | EPSS 0.00685
Exploits: 0 | References: 2 | Affected software: 1

CVE (added 6 days ago, 29 views)

CVE-2026-33646

CVE-2026-33646 affects mise: prior to 2026.3.10, it processed .tool-versions with Tera where exec() is registered, allowing arbitrary code execution when a malicious .tool-versions file is parsed during shell CD hooks. Unlike .mise.toml, .tool-versions is not trusted in non-paranoid mode, so an atta...

CVSS 9.6 | AI score 6 | EPSS 0.00685
Exploits: 0 | References: 1

Cvelist (added 6 days ago, 34 views)

CVE-2026-33646 mise: Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

CVSS 9.6 | EPSS 0.00685
Exploits: 0 | References: 1

ATTACKERKB (added 6 days ago, 6 views)

CVE-2026-55441

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

CVSS 8.6 | AI score 5.9 | EPSS 0.00184
Exploits: 0 | References: 2 | Affected software: 1

Cvelist (added 6 days ago, 36 views)

CVE-2026-55441 mise: Arbitrary command execution via task-include files in an untrusted, config-less repository

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files mise.toml, .tool-versions through trustcheck, but task-include files are loaded on a path that never reaches it. When a directory has a task-include dir mise-tasks/,...

CVSS 8.6 | EPSS 0.00184
Exploits: 0 | References: 1

ATTACKERKB (added 6 days ago, 7 views)

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

CVSS 5.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected software: 1

CVE (added 6 days ago, 17 views)

CVE-2026-55448

CVE-2026-55448 is confirmed across multiple sources as a local command-execution vulnerability in the mise tool. An attacker who can place a repository-local .mise.toml can have mise load github.credential_command from local project config and execute its value via sh -c when resolving a GitHub t...

CVSS 6.3 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 1

ATTACKERKB (added 6 days ago, 6 views)

CVE-2026-55448

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes that value with sh -c when resolving a GitHub token. An attacker who can place a .mise.toml in a...

CVSS 6.3 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 2 | Affected software: 1

Cvelist (added 6 days ago, 30 views)

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

CVSS 3.5 | EPSS 0.00194
Exploits: 0 | References: 1

OSSF Malicious Packages (added 6 days ago, 6 views)

Malicious code in sqligen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...

AI score 6.5
Exploits: 0 | References: 7

OSV (added 6 days ago, 4 views)

MAL-2026-6515 Malicious code in sqligen (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...

AI score 6.5
Exploits: 0 | References: 7

Cvelist (added 2026/06/25 9:41 p.m., 21 views)

CVE-2025-71340 picklescan - Remote Code Execution via idlelib.pyshell.ModifiedInterpreter.runcode

picklescan through 0.0.26 fails to detect malicious pickle files that invoke idlelib.pyshell.ModifiedInterpreter.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when the file is loaded via pickle.load, enabling supply chain attacks o...

CVSS 8.1 | EPSS 0.003
Exploits: 0 | References: 2