Lucene search
K

215086 matches found

CVE
CVE
added 1 hour ago5 views

CVE-2026-21379

CVE-2026-21379 describes a memory corruption (buffer over-read) issue in Windows Compute caused by allocating memory with sizes that exceed the maximum allowed value. The CVSS 3.1 metrics indicate a high impact on confidentiality, integrity, and availability (C:H, I:H, A:H) with a local attack ve...

7.8CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-21379 Buffer Over-read in Windows Compute

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value...

7.8CVSS
Exploits0References1
NVD
NVD
added 2 hours ago4 views

CVE-2026-55798

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS
Exploits0References5
OSV
OSV
added 6 hours ago2 views

BIT-PYTHON-MIN-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References7
OSV
OSV
added 6 hours ago3 views

BIT-PYTHON-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References7
OSV
OSV
added 6 hours ago8 views

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
OSV
OSV
added 6 hours ago5 views

BIT-PYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.5AI score0.00136EPSS
Exploits0References9
OSV
OSV
added 6 hours ago4 views

BIT-LIBPYTHON-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytes

The method "sockrecvfrominto" of "asyncio.ProacterEventLoop" Windows only was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected...

8.8CVSS5.9AI score0.00374EPSS
Exploits0References7
OSV
OSV
added 6 hours ago6 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 9 hours ago10 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02593EPSS
Exploits1References2
The Hacker News
The Hacker News
added 13 hours ago5 views

New Java-Based QuimaRAT MaaS Built to Run on Windows, Linux, and macOS

Cybersecurity researchers have flagged a novel Java-based remote access trojan RAT called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service MaaS model, costing anywhere between...

6.3AI score
Exploits0
Nuclei
Nuclei
added 18 hours ago38 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.3AI score0.08147EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago20 views

MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal

MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...

7.5CVSS7.2AI score0.03655EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago19 views

Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

7.5CVSS7.3AI score0.03095EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago125 views

EasySpider 0.6.2 - Arbitrary File Read

A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...

8.8CVSS5.5AI score0.03333EPSS
Exploits1References6
Nuclei
Nuclei
added 18 hours ago38 views

LOLLMS WebUI - Absolute Path Traversal

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...

7.5CVSS7.2AI score0.01957EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago72 views

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

6.1CVSS3.9AI score0.01835EPSS
Exploits4References2
Nuclei
Nuclei
added 18 hours ago91 views

WebIQ 2.15.9 - Directory Traversal

The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. id: CVE-2024-8752 info: name: WebIQ 2.15.9 - Directory Traversal author: s4e-io severity: high description: | The Windows version of WebIQ 2.15.9 is...

9.3CVSS7.3AI score0.11759EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday238 views

Splunk Enterprise - Local File Inclusion

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. id: CVE-2024-36991 info: name: Splunk...

7.5CVSS7.1AI score0.1311EPSS
Exploits10References3
Nuclei
Nuclei
added yesterday284 views

Qlik Sense Enterprise - Path Traversal

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...

8.2CVSS7.1AI score0.84966EPSS
Exploits0References5
Rows per page
Query Builder