Lucene search
K

254 matches found

OSV
OSV
added 5 days ago5 views

PYSEC-2026-508 Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.10 views

CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS5.9AI score0.00151EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 10:16 p.m.6 views

DEBIAN-CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 9:38 p.m.40 views

CVE-2026-44983

Summary of CVE-2026-44983 (smallbitvec): An integer overflow in the internal capacity calculation (cap + bits_per_storage() - 1) can produce an undersized heap allocation, enabling a heap buffer overflow through safe APIs in versions 1.0.1–2.6.0 of the Rust crate smallbitvec. This can cause memor...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 9:38 p.m.10 views

CVE-2026-44983 smallbitvec: Safe API Triggered Heap Buffer Overflow via Integer Overflow

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 9:38 p.m.15 views

EUVD-2026-32015

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 5:22 p.m.7 views

Deserialization of Untrusted Data

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this functio...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 6:35 p.m.7 views

GHSA-7WC8-WVC4-M498 Microdot has HTTP response splitting in Response.set_cookie()

Impact The Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/05 6:35 p.m.6 views

Microdot has HTTP response splitting in Response.set_cookie()

Impact The Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection attack through this issue to be possible, an attacker must...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/12 12:45 a.m.7 views

CVE-2026-6107

Affected product: 1Panel-dev MaxKB (

5.1CVSS4.5AI score0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS5.9AI score0.00133EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.22 views

CVE-2026-39702 WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through = 2.6.1...

6.5CVSS0.00133EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/15 4:21 a.m.123 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 Log4Shell POC Overview Proof of Concept for...

10CVSS6.2AI score0.99999EPSS
Exploits349
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.5 views

CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30

CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30. A patched version of the package is available...

7.5CVSS7.3AI score0.00693EPSS
Exploits0
NVD
NVD
added 2026/02/20 4:22 p.m.9 views

CVE-2025-69383

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...

7.5CVSS0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.2 views

CVE-2025-69383 WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through = 2.6.1...

5.5AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 4:25 p.m.27 views

CVE-2025-32452

Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...

6.7CVSS0.0009EPSS
Exploits0References1
Intel
Intel
added 2026/02/10 12:0 a.m.6 views

AI Playground Software Advisory

Summary: A potential security vulnerability for some AI Playground software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-32452 Description: Uncontrolled search path for some AI Playground...

6.7CVSS5.3AI score0.0009EPSS
Exploits0
EUVD
EUVD
added 2026/01/12 10:5 p.m.10 views

EUVD-2026-1995

Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint /index.php?rest-api=upload for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers with a valid API key ...

9.3CVSS7.5AI score0.00627EPSS
Exploits1References2
Rows per page
Query Builder