Lucene search
K

2863 matches found

Cvelist
Cvelist
added yesterday23 views

CVE-2026-13014 Remote Code Execution vulnerability in "Suspicious" application

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.00704EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 9:54 a.m.6 views

EUVD-2026-41869

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 8:19 p.m.6 views

GHSA-322X-V876-G883 @asymmetric-effort/nogginlessdom's Path Traversal in matchFileSnapshot allows arbitrary file write

Summary The matchFileSnapshot function in src/assertions/snapshots.ts accepted a filePath parameter with zero validation. When snapshot update mode was active UPDATESNAPSHOTS=1 or setUpdateMode'all', an attacker who controls test input could write arbitrary content to any filesystem path the...

8.7CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 7:14 p.m.33 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:14 p.m.6 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS5.7AI score0.00195EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 3:36 p.m.18 views

CVE-2026-58454

Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:36 p.m.33 views

CVE-2026-58454 JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:36 p.m.9 views

EUVD-2026-41050

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 8:50 p.m.21 views

CVE-2026-54515

A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...

5.3CVSS5.6AI score0.00345EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/30 5:47 p.m.8 views

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux for NVIDIA. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.8CVSS7.2AI score0.00321EPSS
Exploits11References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53998

Name of the Vulnerable Software and Affected Versions txtai versions prior to 9.10.1 Description The software exposes an API endpoint '/reindex' where the function body parameter is processed by txtai.util.Resolver. This resolver performs import and getattr on a dotted path provided by the user...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/29 7:59 p.m.6 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS6.1AI score0.00321EPSS
Exploits11References6
RedHat Linux
RedHat Linux
added 2026/06/29 7:54 p.m.5 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS6.1AI score0.00321EPSS
Exploits11References6
RedHat Linux
RedHat Linux
added 2026/06/29 7:44 p.m.9 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS6.1AI score0.00321EPSS
Exploits11References6
RedhatCVE
RedhatCVE
added 2026/06/29 1:39 p.m.6 views

CVE-2026-53266

A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...

8.8CVSS5.9AI score0.00129EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-299 BoxLite: Permission Bypass Allows Modification of Read-Only Files

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode readonly=True into the V...

10CVSS6.2AI score0.00289EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.5 views

TencentOS Server 3: kernel (TSSA-2026:0544)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0544 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8CVSS6.4AI score0.00321EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.24 views

Linux Distros Unpatched Vulnerability : CVE-2026-53266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is...

8.8CVSS6AI score0.00129EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.6 views

netfilter: bridge: make ebt_snat ARP rewrite writable

...

8.8CVSS5.8AI score0.00129EPSS
Exploits0
Rows per page
Query Builder