Lucene search
K

162645 matches found

EUVD
EUVD
added 2026/06/02 10:35 p.m.10 views

EUVD-2026-34046

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1
CVE
CVE
added 2026/06/02 10:35 p.m.37 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

7.5CVSS5.8AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.8 views

CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9AI score0.0065EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 8:36 p.m.10 views

EUVD-2026-34032

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:36 p.m.7 views

CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:36 p.m.34 views

CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:36 p.m.11 views

CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/02 8:36 p.m.25 views

CVE-2026-45289

CloudburstMC Protocol (Minecraft Bedrock Edition) has a vulnerability in the EncryptionUtils validation for FULL type auth tokens prior to version 3.0.0.Beta12-20260420.182526-15. Exploitation affects software depending on this protocol library by potentially weakening authentication payload vali...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.11 views

CVE-2026-8035

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

7.1CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.16 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS0.00107EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/06/02 6:26 p.m.15 views

USN-8282-2: Unbound vulnerabilities

USN-8282-1 fixed vulnerabilities in Unbound. This update provides the corresponding updates for CVE-2026-41292 in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS and CVE-2026-42959, CVE-2026-42960 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Andr...

10CVSS6.1AI score0.00779EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:26 p.m.7 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 5:26 p.m.10 views

EUVD-2026-33992

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 5:26 p.m.17 views

CVE-2026-8036

NI-PAL is affected by improper input validation that may allow a local authenticated user to access arbitrary system memory, enabling privilege escalation. Affected: NI-PAL 26.3.0 and prior on Windows and Linux. Root cause: input validation weakness. Impact: local privilege escalation with potent...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 5:26 p.m.7 views

CVE-2026-8036 Local privilege escalation in NI-PAL

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 5:26 p.m.31 views

CVE-2026-8036 Local privilege escalation in NI-PAL

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 5:22 p.m.16 views

CVE-2026-8035

Technical details for CVE-2026-8035 are not publicly available in the provided documents. Monitor for updates from NI and security advisories.

7.1CVSS5.8AI score0.00096EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/02 5:22 p.m.10 views

EUVD-2026-33991

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

7.1CVSS5.8AI score0.00096EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 5:22 p.m.8 views

CVE-2026-8035 NULL pointer dereference in NI-PAL

Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

7.1CVSS5.8AI score0.00096EPSS
Exploits0References1
Rows per page
Query Builder