Lucene search
K

13484 matches found

EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score
Exploits0References3
OSV
OSV
added yesterday8 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in markable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...

6.5AI score
Exploits0References10
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57906

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.42 Description An unauthenticated information disclosure issue exists where remote attackers can retrieve plaintext API keys for all connected AI provider accounts. This occurs due to missing authentication...

9.3CVSS6.2AI score
Exploits0References4
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...

7.4CVSS0.00367EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in jupiter-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8e0901ca45da110106c60f288b0166fc51c348a44569d7e7ff22af3d19deafe On import jupitersdk, the package's top-level init.py fetches a payload over HTTPS from a public IPFS gateway...

6.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in eth-agent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3131490d64c4ae90de2926ca90f6fce23e6a113d1e6538db5ce98ffcf06983d1 The top-level ethagent/init.py performs an outbound HTTP fetch to a hardcoded IPFS gateway URL...

6.3AI score
Exploits0References3
OSV
OSV
added 3 days ago2 views

CVE-2026-56240 Capgo - Billing Authorization Bypass via Exhausted Usage Credits

Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the planvalid calculation that allows organizations with exhausted or expired usage credit grants to bypass billing gates. Attackers can exploit the divergence between the plugin hot-path planvalid expression and the...

5.3CVSS6.1AI score0.00182EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-55213

CVE-2026-55213 (h2o HTTP server) – Affected component: lib/http3/qpack.c, invoked while processing a QPACK instruction over HTTP/3. Root cause: on-stack allocation of a large buffer (up to ~800 KB) via alloca, exceeding default musl libc pthread stack size, leading to a segmentation fault when to...

7.5CVSS6.2AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-55213 h2o: musl libc stack overflow (QPACK)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : libsoup vulnerabilities (USN-8523-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8523-1 advisory. Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-leng...

9.1CVSS6.7AI score0.0042EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References8
NVD
NVD
added 5 days ago7 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS0.00429EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-39197

A flaw was found in Vector. A remote attacker could send a specially crafted compressed request to Vector's HTTP ingest sources, causing unbounded memory allocation during decompression and leading to a Denial of Service DoS. Mitigation Restrict network access to Vector's HTTP and gRPC ingest...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References4Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-55605

Summary: CVE-2026-55605 affects the self-hosted HTTP transport of @arikusi/deepseek-mcp-server used with DeepSeek V4. starting in 1.4.2 and before 1.8.0, the POST /mcp endpoint is exposed without authentication due to createMcpExpressApp being called without an authProvider and missing route guar...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-33803

CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....

6.9CVSS5.9AI score0.00354EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-58471

A flaw was found in GNU Wget. A remote attacker can exploit a heap buffer overflow vulnerability in the convertfname function. This occurs when processing a server-supplied filename that requires character set conversion, leading to memory corruption due to incorrect buffer reallocation. This can...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS0.00137EPSS
Exploits0References3
Rows per page
Query Builder