Lucene search
K

6013 matches found

OSV
OSV
added 5 days ago3 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 5 days ago4 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
CVE
CVE
added 6 days ago27 views

CVE-2026-55615

Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...

9.2CVSS6AI score0.00461EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS6.1AI score0.00461EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago13 views

EUVD-2026-33938

mint has potential CRLF injection in its HTTP request line via unvalidated method/target...

2.1CVSS5.9AI score0.00166EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS0.00268EPSS
Exploits1References4
CVE
CVE
added 6 days ago11 views

CVE-2026-59216

Open WebUI prior to 0.10.0 is vulnerable to cross-user code execution via unvalidated Socket.IO event-caller session_id. The get_event_call path delivers execute:python and execute:tool events to a client-supplied session_id after only confirming the session is connected, enabling an attacker who...

9CVSS6AI score0.00308EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59216 Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS0.00308EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago2 views

net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input

A flaw was found in Net::IMAP before 0.4.24, 0.5.14, and 0.6.4. Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56968

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...

5.5CVSS6.2AI score0.00248EPSS
Exploits1References6
EUVD
EUVD
added last week6 views

EUVD-2026-42298

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
Cvelist
Cvelist
added last week33 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS0.00324EPSS
Exploits0References4
CVE
CVE
added last week13 views

CVE-2026-59702

Summary: CVE-2026-59702 affects repomix. A server-side request forgery exists in POST /api/pack, where unauthenticated attackers can cause the server to fetch arbitrary URLs without proper validation. The endpoint accepts http://, https://, and file:// URLs and passes them to git clone, enabling ...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
OSV
OSV
added last week2 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.2CVSS6.2AI score0.00324EPSS
Exploits0References6
NVD
NVD
added last week8 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-42198

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 12:10 a.m.6 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56354

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description The application crashes when opening a PDF containing an abnormal color space. This occurs because the attributes reference a valid but semantically malformed function whose...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/07 4:24 p.m.4 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
Rows per page
Query Builder