Lucene search
K

866 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 10:5 p.m.9 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/06/09 10:5 p.m.12 views

Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/09 5:34 p.m.12 views

MAL-2026-5450 Malicious code in o3forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d094d4429f1492bb6b99d802de86b97dc972e06d680a1287846e6d1635fe457 The package name impersonates the OpenMRS O3 forms ecosystem legitimate packages are published under the @openmrs/ scope. package.json declares an...

5.6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48293

Name of the Vulnerable Software and Affected Versions MongoDB Server affected versions not specified Description An issue exists where the use of fromRouter:true and runtimeConstants.userRoles can cause aggregations to crash the MongoDB server. Recommendations At the moment, there is no informati...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47804

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to child process.spawn with the shell: true option, allowing shell...

8.7CVSS6.7AI score0.0027EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 5:50 p.m.30 views

GHSA-M4WX-M65X-GHRR vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Summary The fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is trivially bypassed by omitting the require option entirely. When...

10CVSS6.1AI score0.00382EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/29 5:50 p.m.19 views

vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE

Summary The fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is trivially bypassed by omitting the require option entirely. When...

10CVSS6.3AI score0.0279EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.32 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS0.00329EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/27 10:51 p.m.19 views

FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations

Summary The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details File: server/api/projects/index.js javascript prjApp.get"/api/project", secureFnc, functionreq, res const permission = checkGroupsFncreq;...

5.9AI score0.00088EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, stemming from a memory leak in the weightedinterleaveautostore function. This vulnerability may cause state object...

5.8AI score0.00126EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 9:16 p.m.14 views

CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS0.00228EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:39 p.m.11 views

CVE-2026-44708

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed the exception exit lock checking for subprogs. The processbpfexitfull function passes checklock = !curframe to checkresourceleak, which results in a false negative when bpfthrow is called from a static subprog. This...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:29 a.m.12 views

Authorization Bypass

Netmaker is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization logic in the Authorize middleware, where a valid host JWT token is accepted when hostAllowed=true without verifying that the host is authorized to access the specific target resource, allowing acces...

8.6CVSS7.3AI score0.00366EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/15 8:16 p.m.36 views

CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

8.1CVSS0.00295EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/14 9:22 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

6.9CVSS5.7AI score0.0043EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.12 views

DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...

9.6CVSS5.8AI score0.0026EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 1:13 p.m.7 views

GHSA-J8H8-75H3-JG53 Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

6.9CVSS6.6AI score0.0043EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 1:13 p.m.13 views

Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

6.9CVSS6.6AI score0.0043EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40968

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and...

6.9CVSS6AI score0.0043EPSS
Exploits0References6
Rows per page
Query Builder