14240 matches found

NVD (added 2026/05/28 7:16 p.m., 13 views)

CVE-2026-43979

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService.markdowntohtml constructs an HTML document by interpolating user-controlled values — specifically title sourced from research.title or research.query and metadata key-value pairs —...

CVSS 5, EPSS 0.00263
Exploits 0, References 3
Snyk (added 2026/05/27 7:32 p.m., 7 views)

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the output option in server mode. An attacker can create or append to arbitrary files on the host filesystem by sending crafted requests to the REST API, as the file path is taken directly from...

CVSS 8.8, AI score 5.9, EPSS 0.00243
Exploits 0, References 2
Positive Technologies (added 2026/05/27 12:00 a.m., 19 views)

PT-2026-44164

Name of the Vulnerable Software and Affected Versions: Basket versions prior to 2.1.17. Description: The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

AI score 5.9
Exploits 0, References 3
ATTACKERKB (added 2026/05/26 8:46 p.m., 9 views)

CVE-2026-44209

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

CVSS 7.5, AI score 5.9, EPSS 0.00539
Exploits 0, References 3, Affected Software 1
NVD (added 2026/05/26 5:16 p.m., 18 views)

CVE-2026-40383

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

CVSS 9.8, EPSS 0.00482
Exploits 0, References 1
EUVD (added 2026/05/26 4:45 p.m., 14 views)

EUVD-2026-31888

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

CVSS 7.5, AI score 5.8, EPSS 0.00482
Exploits 0, References 1
OSV (added 2026/05/21 10:51 p.m., 14 views)

MAL-2026-4755 Malicious code in mathepy (PyPI)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector 268eeb8db2d704a5b34b2007a25477fdd9f2de3525462f3dd78192aa5d2f95a1 Package metadata advertises mathepy as a 'Module for Quick Calculations', but the package's importable __init__.py exposes 13 top-level functions askllm,...

AI score 5.9
Exploits 0, References 14
EUVD (added 2026/05/20 6:00 a.m., 14 views)

EUVD-2026-31068

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

CVSS 6.1, AI score 5.8, EPSS 0.00213
Exploits 0, References 1
ATTACKERKB (added 2026/05/20 6:00 a.m., 6 views)

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

AI score 5.8, EPSS 0.00213
Exploits 0, References 1
Cvelist (added 2026/05/20 6:00 a.m., 43 views)

CVE-2026-5776 Email Encoder < 2.4.7 - Unauthenticated Stored XSS

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

EPSS 0.00213
Exploits 0, References 1
AstraLinux (added 2026/05/20 5:53 a.m., 8 views)

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext(). "enc->key_len" is a u16 value provided by the user. If this value exceeds IW_ENCODING_TOKEN_MAX (64), it could lead to memory corruption...

CVSS 7.8, AI score 5.6, EPSS 0.00169
Exploits 0, References 2
Positive Technologies (added 2026/05/20 12:00 a.m., 13 views)

PT-2026-42111

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

AI score 5.8, EPSS 0.00213
Exploits 0, References 2
Tenable Nessus (added 2026/05/20 12:00 a.m., 6 views)

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021620)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021620 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue. In the expression cmd.wqe_size * cmd.wr_count, both...

CVSS 5.5, AI score 5.9, EPSS 0.00207
Exploits 0, References 4
RedHat Linux (added 2026/05/19 6:28 p.m., 11 views)

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

CVSS 5.5, AI score 6.8, EPSS 0.00136
Exploits 0, References 6
RedHat Linux (added 2026/05/19 1:35 p.m., 12 views)

python: Quadratic complexity in os.path.expandvars() with user-controlled template

A vulnerability in Python’s os.path.expandvars function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denia...

CVSS 5.5, AI score 6.8, EPSS 0.00136
Exploits 0, References 6
OSV (added 2026/05/18 8:16 a.m., 7 views)

SUSE-SU-2026:1970-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2026-40176: command injection via malicious Perforce repository definition (bsc#1262254). - CVE-2026-40261: command injection via malicious Perforce source reference/url (bsc#1262255). Changes for php-composer2: - version update to 2.2.27...

CVSS 8.8, AI score 6.6, EPSS 0.03255
Exploits 4, References 11
RedhatCVE (added 2026/05/15 1:57 a.m., 12 views)

CVE-2026-44217

sse-channel is an SSE implementation which can be used with any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to the event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...

CVSS 8.7, AI score 5.9, EPSS 0.0041
Exploits 0, References 1
OSV (added 2026/05/14 8:55 p.m., 5 views)

GHSA-X7Q7-FCHV-8H2J @ranfdev/deepobj has a Prototype Pollution vulnerability

Impact: Prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input...

CVSS 8.2, AI score 5.4, EPSS 0.00316
Exploits 0, References 3
Github Security Blog (added 2026/05/14 8:55 p.m., 12 views)

@ranfdev/deepobj has a Prototype Pollution vulnerability

Impact: Prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not be exposed as user input...

CVSS 8.2, AI score 5.4, EPSS 0.00316
Exploits 0, References 3, Affected Software 1
Snyk (added 2026/05/14 8:29 p.m., 10 views)

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying...

CVSS 7.5, AI score 5.8, EPSS 0.00421
Exploits 0, References 2