Lucene search
K

78 matches found

OSV
OSV
added 2026/07/06 9:16 p.m.5 views

DEBIAN-CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

5.5CVSS5.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:52 p.m.7 views

CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.23 views

openSUSE 16 Security Update : python-pydata-sphinx-theme (openSUSE-SU-2026:21173-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21173-1 advisory. Changes in python-pydata-sphinx-theme: - Refresh js dependencies: ws to 7.5.11 bsc1268957, CVE-2026-48779 - Refresh vendored tarball...

7.5CVSS7.3AI score0.00566EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

SUSE SLES12: libpython2_7-1_0 / libpython2_7-1_0-32bit / python / python-32bit / etc (SUSE-SU-2026:2664-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2664-1 advisory. This update for python, python-base, python-doc fixes the following issues Security fixes: - CVE-2026-1703: files may be extracted outside the...

9.1CVSS7.8AI score0.00579EPSS
Exploits2References23
OSV
OSV
added 2026/06/22 3:34 p.m.6 views

SUSE-SU-2026:2493-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: - Security: re-vendor Go dependencies to address CVEs tracked against containerized-data-importer backport of upstream PR 4110, post-v1.65.0. Fixed by this update: google.golang.org/grpc 1.65.0 - 1.79.3: bsc1260295...

9.1CVSS6.9AI score0.91969EPSS
Exploits7References20
OSV
OSV
added 2026/06/12 1:57 p.m.6 views

SUSE-SU-2026:2387-1 Security update for python

This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing and extracting maliciously crafted wheel archives bsc1257599. - CVE-2026-3219: pip doesn't reject concatenated ZIP bsc1262429. - CVE-2026-4786: Incomplete...

9.1CVSS7AI score0.00579EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS6.2AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 2:19 p.m.15 views

SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...

9.8CVSS7AI score0.00704EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/06/03 2:13 p.m.8 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00704EPSS
Exploits0References26
SUSE Linux
SUSE Linux
added 2026/06/03 2:11 p.m.9 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00704EPSS
Exploits0References26
Vulnrichment
Vulnrichment
added 2026/06/02 6:18 p.m.8 views

CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution RCE through external requests. This attack requires the application code to have an existing prototype pollution...

8.1CVSS6.5AI score0.00416EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.16 views

openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References3
NVD
NVD
added 2026/05/11 10:22 p.m.18 views

CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:59 p.m.21 views

CVE-2026-43893

CVE-2026-43893 affects the node package exiftool-vendored , which starts ExifTool in -stay_open True -@ - mode and reads arguments from stdin. In affected versions prior to 35.19.0, attacker-controlled strings could contain line delimiters, causing a single argument to split into multiple ExifToo...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 8:59 p.m.7 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:59 p.m.36 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 8:59 p.m.2 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS6.5AI score0.00485EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 7:53 p.m.7 views

Arbitrary Argument Injection

Overview exiftool-vendored is an Efficient, cross-platform access to ExifTool Affected versions of this package are vulnerable to Arbitrary Argument Injection via unsanitized input in tag names, filenames, or options passed to the ExifTool process. An attacker can manipulate file access or write...

8.8CVSS5.9AI score0.00485EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 7:53 p.m.22 views

GHSA-CW26-7653-2RP5 exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References5
Rows per page
Query Builder