Lucene search
+L

4948 matches found

OSV
OSV
added 5 days ago7 views

ROOT-OS-DEBIAN-11-CVE-2026-46113 CVE-2026-46113 in rootio-linux - Patched by Root

Root has patched CVE-2026-46113 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.8AI score0.00126EPSS
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-OS-DEBIAN-11-CVE-2025-38572 CVE-2025-38572 in rootio-linux - Patched by Root

Root has patched CVE-2025-38572 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

7.8CVSS7.2AI score0.0018EPSS
Exploits0
OSV
OSV
added 5 days ago5 views

ROOT-OS-DEBIAN-11-CVE-2024-49571 CVE-2024-49571 in rootio-linux - Patched by Root

Root has patched CVE-2024-49571 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS6.9AI score0.00214EPSS
Exploits0
OSV
OSV
added 5 days ago5 views

ROOT-OS-DEBIAN-11-CVE-2025-40139 CVE-2025-40139 in rootio-linux - Patched by Root

Root has patched CVE-2025-40139 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

4.7CVSS7.3AI score0.00182EPSS
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-OS-DEBIAN-11-CVE-2026-46049 CVE-2026-46049 in rootio-linux - Patched by Root

Root has patched CVE-2026-46049 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-58090

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description Public image coordinate APIs in the Pillow Python imaging library can trigger a native heap out-of-bounds write. This occurs when coordinates near the signed 32-bit integer limits are provided to the...

7.5CVSS6.1AI score0.0039EPSS
Exploits1References25
OSV
OSV
added 2026/07/10 9:28 p.m.4 views

CVE-2026-55852 Frappe: TarSlip RCE in Package Import

Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0...

8.6CVSS6.1AI score0.00457EPSS
Exploits0References11
OSV
OSV
added 2026/07/10 6:36 p.m.5 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 4:13 p.m.30 views

CVE-2026-55885

CVE-2026-55885 (Grav) : An authenticated admin with backup permissions can download a ZIP of the Grav installation via the backup/download endpoint, exposing sensitive data: admin.yaml with the administrator password hash and site configuration under user/config. The vulnerability stems from (1) ...

6.8CVSS6AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 5:4 p.m.6 views

CVE-2026-59212 Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

5.4CVSS6.1AI score0.00308EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/09 4:55 p.m.7 views

EUVD-2026-42629

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/07/09 2:57 a.m.4 views

SUSE CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

4.8CVSS6.1AI score0.00172EPSS
Exploits0References19
EUVD
EUVD
added 2026/07/08 7:40 p.m.7 views

EUVD-2026-42369

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6AI score0.00463EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 4:13 p.m.7 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References5
OSV
OSV
added 2026/07/08 9:2 a.m.14 views

ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.8CVSS5.8AI score0.0015EPSS
Exploits0
OSV
OSV
added 2026/07/07 9:13 p.m.6 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:48 p.m.6 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS6AI score0.00255EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 3:11 a.m.6 views

CVE-2026-34152 Coolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS6.1AI score0.00372EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:5 a.m.6 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/07 2:56 a.m.5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
Rows per page
Query Builder