
60403 matches found

RedhatCVE
added 2026/03/26 3:0 p.m. | 5 views

CVE-2026-33286

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

CVSS 9.1 | AI score 6.2 | EPSS 0.00632
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 2:59 p.m. | 2 views

CVE-2026-28793

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

CVSS 8.4 | AI score 6 | EPSS 0.00203
Exploits 1 | References 1
RedhatCVE
added 2026/03/26 2:59 p.m. | 3 views

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the...

CVSS 9.6 | AI score 6 | EPSS 0.00535
Exploits 1 | References 1
RedhatCVE
added 2026/03/26 2:58 p.m. | 6 views

CVE-2026-4756

Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7. This issue affects Android-ImageMagick7: before 7.1.2-11...

CVSS 7.8 | AI score 5.8 | EPSS 0.00113
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 2:57 p.m. | 4 views

CVE-2026-0957

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

CVSS 8.5 | AI score 6.1 | EPSS 0.00229
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 2:57 p.m. | 4 views

CVE-2026-0124

There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10 | AI score 6 | EPSS 0.00136
Exploits 0 | References 1
RedhatCVE
added 2026/03/26 2:57 p.m. | 3 views

CVE-2026-0898

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes...

CVSS 9 | AI score 5.9 | EPSS 0.00321
Exploits 0 | References 1
RedHat Linux
added 2026/03/26 2:51 p.m. | 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

CVSS 10 | AI score 7.3 | EPSS 0.01945
Exploits 2 | References 14
RedHat Linux
added 2026/03/26 2:31 p.m. | 14 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9

Red Hat OpenShift Service Mesh 3.0.9. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.0....

CVSS 10 | AI score 7.3 | EPSS 0.01945
Exploits 2 | References 14
RedHat Linux
added 2026/03/26 2:9 p.m. | 2 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

CVSS 8.6 | AI score 7.2 | EPSS 0.00532
Exploits 0 | References 8
RedHat Linux
added 2026/03/26 2:9 p.m. | 7 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.6 | AI score 7.2 | EPSS 0.00728
Exploits 0 | References 3
CVE
added 2026/03/26 2:3 p.m. | 12 views

CVE-2026-27664

The CVE-2026-27664 affects CPCI85 Central Processing/Communication and SICORE Base system versions before V26.10 (CPCI85) and before V26.10.0 (SICORE Base). The issue is an out-of-bounds write encountered while parsing specially crafted XML inputs, enabling an unauthenticated attacker to trigger ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00358
Exploits 1 | References 2
RedHat Linux
added 2026/03/26 1:53 p.m. | 5 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

CVSS 8.6 | AI score 7.2 | EPSS 0.00532
Exploits 0 | References 8
RedHat Linux
added 2026/03/26 1:53 p.m. | 18 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.6 | AI score 7.2 | EPSS 0.00728
Exploits 0 | References 3
RedHat Linux
added 2026/03/26 1:47 p.m. | 5 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

CVSS 8.6 | AI score 7.2 | EPSS 0.00532
Exploits 0 | References 8
RedHat Linux
added 2026/03/26 1:47 p.m. | 8 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.6 | AI score 7.2 | EPSS 0.00728
Exploits 0 | References 2
RedHat Linux
added 2026/03/26 1:40 p.m. | 4 views

cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive

A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the 'cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command...

CVSS 8.6 | AI score 7.2 | EPSS 0.00532
Exploits 0 | References 8
RedHat Linux
added 2026/03/26 1:40 p.m. | 5 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.6 | AI score 7.2 | EPSS 0.00728
Exploits 0 | References 3
EUVD
added 2026/03/26 12:30 p.m. | 3 views

EUVD-2026-16160

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVSS 8.8 | AI score 5.9 | EPSS 0.00449
Exploits 1 | References 2
NVD
added 2026/03/26 11:16 a.m. | 4 views

CVE-2026-24068

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVSS 8.8 | EPSS 0.00449
Exploits 1 | References 2