Lucene search
K

6451 matches found

CVE
CVE
added 2026/05/28 5:59 a.m.26 views

CVE-2026-44604

CVE-2026-44604 affects the RPM rpmuncompress utility. The vulnerability arises when extracting ZIP, 7z, or GEM archives to a destination directory: the archive’s top-level folder name is inserted into a shell command without proper sanitization, allowing a crafted archive with shell metacharacter...

7CVSS6AI score0.00547EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/28 5:59 a.m.40 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS0.00547EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/28 5:59 a.m.18 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/28 5:59 a.m.15 views

CVE-2026-44604 Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 5:59 a.m.12 views

CVE-2026-44604

A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...

7CVSS6AI score0.00547EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

rpm 操作系统命令注入漏洞

rpm is a powerful command-line-driven package management tool from the rpm organization. It is used for installing, uninstalling, verifying, querying, and updating software packages on Linux systems. rpm has a vulnerability related to operating system command injection. This vulnerability arises...

7CVSS6.1AI score0.00547EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

AnythingLLM 后置链接漏洞

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a post-link vulnerability. This vulnerability stemmed from the file system replication tool only verifying the top-level source and target paths. The recursive replication assistan...

2.5CVSS5.8AI score0.00193EPSS
Exploits1References2
OSV
OSV
added 2026/05/26 11:38 p.m.10 views

GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring

As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet. Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify...

7CVSS5.4AI score0.00171EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/26 8:4 a.m.10 views

WordPress Top Dog theme <= 1.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Top Dog versions = 1.0.5...

5.8AI score0.00435EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/05/23 2:30 p.m.63 views

CVE-2026-9305

CVE-2026-9305 affects QuantumNous new-api self Endpoint up to version 0.12.1. The vulnerable element is the functions SearchUserTopUps and SearchAllTopUps in file model/topup.go, enabling a SQL injection via remote exposure. Public exploit availability is claimed. No remediation details are provi...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.13 views

CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.20 views

New API SQL注入漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cpuset: Fixed the warning that occurs when disabling a remote partition. A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remotepartitiondisable+0xf7/0x110 RIP: 0010:remotepartitiondisable+0xf7/0x110 RS...

5.5CVSS5.4AI score0.00102EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: rtla: Avoid dereferencing a NULL pointer. Fixed the following null/derefnull.cocci errors: ./tools/tracing/rtla/src/osnoisehist.c:870:31-36: Error: The record is NULL, but it was dereferenced...

5.5CVSS6AI score0.00209EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Documents in deeply-nested cross-origin browsing contexts may have obtained permissions granted to the top-level origin, bypassing the existing prompts and wrongly inheriting the top-level permissions. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

8.8CVSS8.1AI score0.00848EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Thunderbird

When receiving an email message signed with OpenPGP/MIME and containing an additional outer MIME message layer, such as a message footer added by a mailing list gateway, Thunderbird only considers the signed inner message for signature validity. This creates the false impression that the addition...

6.5CVSS6.6AI score0.00432EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 10:16 p.m.17 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 9:3 p.m.13 views

CVE-2024-36343

Improper input validation in the System Management Mode SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment TSEG memory region, potentially resulting in loss of confidentiality or integrity...

4.6CVSS5.9AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 9:3 p.m.15 views

CVE-2024-36343

CVE-2024-36343 describes improper input validation in the System Management Mode (SMM) communications buffer, enabling a privileged attacker to perform an out-of-bounds read or write in a limited portion of the Top of Memory Segment (TSEG) on AMD platforms. The issue can impact confidentiality an...

4.6CVSS5.9AI score0.00186EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 5:24 a.m.102 views

owasp-web-pentest-tools

OWASP Web Pentest Tools CLI toolkit para suporte em testes de...

5.9AI score
Exploits0
Rows per page
Query Builder