Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 12:22 p.m.6 views

CVE-2026-55153

A flaw was found in mchange-commons-java, a Java utility library. This vulnerability allows a remote attacker to achieve arbitrary code execution through Java Naming and Directory Interface JNDI injection. The library's JNDI ObjectFactory can construct objects of arbitrary classes and initialize...

7.5CVSS6.5AI score0.00327EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/27 5:0 p.m.4 views

CVE-2026-7142 Wooey API Endpoint scripts.py add_or_update_script improper authorization

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6AI score0.00214EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/27 5:0 p.m.6 views

EUVD-2026-25893

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/27 5:0 p.m.6 views

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS5.1AI score0.00214EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/17 6:44 p.m.2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the UploadIssueAttachment and UploadReleaseAttachment functions, over the /issues/attachments and /releases/attachments endpoints. This is only exploitable if the RequireSigninView setting is disabled, which it...

9.8CVSS5.5AI score0.00618EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 6:40 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

5.3CVSS5.5AI score0.00271EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/17 6:40 p.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

5.3CVSS5.5AI score0.00271EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/21 4:12 p.m.4 views

Arbitrary Code Injection

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the automap process during model initialization, even when trustremotecode is false. An attacker can execute arbitrary...

9.8CVSS6.3AI score0.00737EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/02 6:28 a.m.5 views

Incorrect Default Permissions

Overview caffeinated-whale-cli is an A CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access...

6.3CVSS6.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/13 8:19 p.m.8 views

tracexec has `env` command argument injection via environment variables starting with dash in traced exec events

Impact For tracexec's command line reconstruction feature, when a traced process executes another process with a environment variable where the key starts with a dash, tracexec incorrectly shows its commandline where such environment variables could cause argument injection for the env command...

7.4AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.5 views

PT-2025-34495

Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0 Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleabili...

9.1CVSS6.4AI score0.00198EPSS
Exploits1References14
Snyk
Snyk
added 2024/12/01 6:38 a.m.3 views

Race Condition

Overview pyFFTW is an A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms. Affected versions of this package are vulnerable to Race Condition due to improper synchronization when accessing shared resources. This can lead to memory...

8.3CVSS7.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.4 views

PT-2022-23211

Name of the Vulnerable Software and Affected Versions Apache Avro Rust SDK versions prior to 0.14.0 Description The issue allows a Reader to consume memory beyond the allowed constraints, leading to out of memory on the system. This affects Rust applications using the Apache Avro Rust SDK...

7.5CVSS7.1AI score0.01276EPSS
Exploits0References11
Rows per page
Query Builder