Lucene search
K

4335 matches found

Nuclei
Nuclei
added yesterday12 views

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.5AI score0.25955EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-13706

Improper input validation vulnerability in Wikimedia Foundation UrlShortener. This vulnerability is associated with program files includes/UrlShortenerUtils.Php...

5.8AI score0.00278EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2025-71350

CVE-2025-71350 concerns the Python package picklescan, with version pre-0.0.28 vulnerable. The issue arises because picklescan fails to detect malicious pickle payloads that leverage torch.utils.collect_env.run within reduce methods, enabling attackers to embed code in pickle files that may execu...

8.1CVSS5.9AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago3 views

RHEL 10 : cifs-utils (RHSA-2026:32990)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32990 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2025-71379

A flaw was found in vLLM. Multiple regular expression denial of service ReDoS vulnerabilities exist in versions greater than or equal to 0.6.3 and less than 0.9.0. An attacker can exploit this by submitting crafted input with nested or repeated structures to specific regex patterns within vLLM,...

7.5CVSS5.8AI score0.00321EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-13507

A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function strtouint64 of the file openviking/storage/vectordb/utils/strtouint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verificatio...

5CVSS5.5AI score0.00138EPSS
Exploits0References8Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:46 p.m.6 views

Malicious code in react-simple-utils-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 038aa6bccd8008fec1f309d718e53dd4b89e4ca15a976c6a80652e0dd58a5b58 Package advertises itself as 'a simple date formatting utility for React projects' 3-function index.js, but ships a postinstall.js that runs on every...

5.9AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:12 p.m.7 views

Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:10 p.m.8 views

Malicious code in kdrive-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/22 7:54 p.m.4 views

MAL-2026-6271 Malicious code in node-fetch-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78aef0d64a7d761d2987d27aea462083425e5692475cd81332b7a3152c754308 On Windows, scripts/postinstall.js XOR-decodes a hardcoded C2 host node22.lunes.host:3258, authenticates with a 5-minute rolling HMAC-SHA256 token,...

5.8AI score
Exploits0References8
NVD
NVD
added 2026/06/20 7:16 p.m.12 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

7.5CVSS0.00321EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
CVE
CVE
added 2026/06/20 6:27 p.m.15 views

CVE-2025-71379

CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

RHEL 8 / 9 : Satellite 6.16.9 Async Update (Important) (RHSA-2026:27076)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27076 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

9.1CVSS7.3AI score0.01557EPSS
Exploits3References20
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in libraw

In LibRaw, there is an out-of-bounds read vulnerability within the “simpledecoderow” function libraw\src\x3f\x3futilspatched.cpp, which can be triggered by an image with a large rowstride field...

5.5CVSS5.5AI score0.00369EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in python-oslo.utils

A flaw was discovered in python-oslo-utils. Due to improper parsing, passwords that contain double quotes " cause incorrect masking in debug logs, resulting in any part of the password after the double quote being displayed as plain text...

4.9CVSS6.1AI score0.01335EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in maven-shared-utils

In Apache Maven’s maven-shared-utils before version 3.3.3, the Commandline class could generate double-quoted strings without proper escaping, allowing for shell injection attacks...

9.8CVSS7.2AI score0.04031EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in RustC

crossbeam-utils provides atomic operations, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. Prior to version 0.8.7, crossbeam-utils incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u...

8.1CVSS7.5AI score0.0122EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References4
Rows per page
Query Builder