Lucene search
K

14246 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 1:35 p.m.12 views

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

5.5CVSS6.8AI score0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/05/18 8:16 a.m.7 views

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues - CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. - CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: - version update to 2.2.27...

8.8CVSS6.6AI score0.03255EPSS
Exploits4References11
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-44217

sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

8.7CVSS5.9AI score0.0041EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 8:55 p.m.5 views

GHSA-X7Q7-FCHV-8H2J @ranfdev/deepobj has a Prototype Pollution vulnerability

Impact Prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input...

8.2CVSS5.4AI score0.00316EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 8:55 p.m.13 views

@ranfdev/deepobj has a Prototype Pollution vulnerability

Impact Prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input...

8.2CVSS5.4AI score0.00316EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/14 8:29 p.m.10 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying...

7.5CVSS5.8AI score0.00421EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-41216

Name of the Vulnerable Software and Affected Versions deepobj versions prior to 1.0.3 Description Prototype pollution occurs when property paths contain proto , constructor, or prototype. This issue arises when property paths are exposed as user input, allowing an attacker to modify the prototype...

8.2CVSS5.8AI score0.00316EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 10:24 p.m.7 views

GHSA-CCFQ-2454-F5XW SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 10:16 p.m.21 views

CVE-2026-44262

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS0.0586EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:56 p.m.8 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS6.1AI score0.0586EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/05/12 8:56 p.m.67 views

CVE-2026-44262 Scramble: Remote code execution via evaluation of user-controlled input in validation rules

Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS0.0586EPSS
Exploits3References2
CVE
CVE
added 2026/05/12 8:56 p.m.48 views

CVE-2026-44262

CVE-2026-44262 affects dedoc/scramble (Laravel API documentation generator) versions 0.13.2–0.13.21. The vulnerability arises when publicly accessible docs endpoints evaluate user-controlled input via NodeRulesEvaluator::doEvaluateExpression(), which may evaluate request data and execute arbitrar...

9.4CVSS6.1AI score0.0586EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:3 p.m.7 views

CVE-2026-34668

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitatio...

6.2CVSS5.8AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.11 views

CVE-2026-6865

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

7.1CVSS0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:29 p.m.5 views

CVE-2026-6865

CWE-22: Improper Limitation of a Pathname to a Restricted Directory “Path Traversal” vulnerability that could cause unauthorized access to sensitive files when user-supplied input is improperly handled during server-side file path processing...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/05/12 12:29 p.m.27 views

CVE-2026-6865

CVE-2026-6865 corresponds to a path traversal vulnerability (CWE-22) arising from improper handling of user-supplied input during server-side file path processing. The connected records describe the issue as allowing unauthorized access to sensitive files due to pathname limitations, with a CVSSv...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 8:21 a.m.36 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

9.3CVSS0.00487EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 2:20 a.m.9 views

CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library

SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...

3.4CVSS5.9AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:20 a.m.9 views

CVE-2026-34260

SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...

9.6CVSS5.9AI score0.00466EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability. This vulnerability allows authenticated attackers to inject malicious SQL statements through user-controlled...

9.6CVSS6.1AI score0.00466EPSS
Exploits0References1
Rows per page
Query Builder