Lucene search
K

363836 matches found

NVD
NVD
•added 2026/06/24 7:17 p.m.•7 views

CVE-2026-13027

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00195EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 7:17 p.m.•10 views

CVE-2026-13022

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00138EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 7:17 p.m.•11 views

CVE-2025-60471

A use-after-free in the gffilterpidreconfiguretaskdiscard function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

5.5CVSS0.00136EPSS
Exploits1References6
NVD
NVD
•added 2026/06/24 6:17 p.m.•8 views

CVE-2026-54686

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted by Warp's shell integration for the active session. An...

4.3CVSS0.00278EPSS
Exploits1References3
NVD
NVD
•added 2026/06/24 6:17 p.m.•6 views

CVE-2026-54699

Warp is an agentic development environment. From 0.2024.03.12.08.02.stable01 until 0.2026.05.06.15.42.stable01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows...

7.7CVSS0.00436EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•9 views

CVE-2026-55611

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

0.00236EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 6:17 p.m.•7 views

CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS0.00213EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•7 views

CVE-2026-48731

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS0.00496EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•7 views

CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

4.3CVSS0.00231EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 6:17 p.m.•6 views

CVE-2026-48721

Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...

8.6CVSS0.00145EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•6 views

CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•9 views

CVE-2026-48720

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS0.00247EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•16 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear approximately On² behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

8.7CVSS0.0035EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 6:17 p.m.•8 views

CVE-2026-48719

Warp is an agentic development environment. From 0.2025.08.06.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to a Git repository opened in Warp can cause a crafted branch name to be interpreted by...

8CVSS0.00948EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity XXE attacks. An attacker could...

9.4CVSS0.00334EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 6:17 p.m.•10 views

CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS0.00177EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•8 views

CVE-2026-44017

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

8.3CVSS0.00478EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 6:17 p.m.•7 views

CVE-2026-48704

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS0.00255EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•9 views

CVE-2026-44022

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...

5.5CVSS0.00163EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 6:17 p.m.•9 views

CVE-2026-44016

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-54906

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLockreleasewritelock does not verify that the calling thread acquired the write lock. Any thread with access to the lock object can release an active write lock held by another thread. A second writer can...

9.8CVSS0.0016EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS0.00391EPSS
Exploits1References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-54905

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...

5.5CVSS0.00106EPSS
Exploits0References1
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-54904

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...

8.2CVSS0.00278EPSS
Exploits1References1
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-53127

In the Linux kernel, the following vulnerability has been resolved: block: fix zonescond memory leak on zone revalidation error paths When blkrevalidatediskzones fails after diskrevalidatezoneresources has allocated args.zonescond, the memory is leaked because no error path frees it...

0.00145EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•11 views

CVE-2026-53130

In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject ssysblocksize smaller than OMFSDIRSTART omfsfillsuper rejects oversized ssysblocksize values PAGESIZE, but it does not reject values smaller than OMFSDIRSTART 0x1b8 = 440. Later, omfsmakeempty uses sbi-ssysblocksi...

7.8CVSS0.0013EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53129

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache mbcachedestroy calls shrinkerfree and then frees all cache entries and the cache itself, but it does not cancel the pending cshrinkwork work item first. If...

7.8CVSS0.00117EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53128

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

5.5CVSS0.00117EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•20 views

CVE-2026-53125

In the Linux kernel, the following vulnerability has been resolved: md: fix arraystate=clear sysfs deadlock When "clear" is written to arraystate, mdattrstore breaks sysfs active protection so the array can delete itself from its own sysfs store method. However, mdattrstore currently drops the...

0.00169EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53124

In the Linux kernel, the following vulnerability has been resolved: ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of the fetch commands that were successfully issued may never complete. Th...

0.00145EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53126

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcgmaybethrottlecurrent Add the missing putdisk on the error path in blkcgmaybethrottlecurrent. When blkcg lookup, blkg lookup, or blkgtryget fails, the function jumps to the out label whi...

0.00157EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•15 views

CVE-2026-53119

In the Linux kernel, the following vulnerability has been resolved: platform/wmi: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which c...

0.00157EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-53120

In the Linux kernel, the following vulnerability has been resolved: PCI: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause ...

0.00157EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•13 views

CVE-2026-53117

In the Linux kernel, the following vulnerability has been resolved: s390/cio: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can...

0.00171EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-53121

In the Linux kernel, the following vulnerability has been resolved: amd-pstate: Fix memory leak in amdpstateeppcpuinit On failure to set the epp, the function amdpstateeppcpuinit returns with an error code without freeing the cpudata object that was allocated at the beginning of the function...

0.00155EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53122

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...

0.00179EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53123

In the Linux kernel, the following vulnerability has been resolved: md: wake raid456 reshape waiters before suspend During raid456 reshape, direct IO across the reshape position can sleep in raid5makerequest waiting for reshape progress while still holding an activeio reference. If userspace then...

0.00171EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•7 views

CVE-2026-53118

In the Linux kernel, the following vulnerability has been resolved: vdpa: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which can cause...

0.00155EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•13 views

CVE-2026-53109

In the Linux kernel, the following vulnerability has been resolved: powerpc/pgtable-frag: Fix bad page state in ptefragdestroy powerpc uses ptfragrefcount as a reference counter for tracking it's pte and pmd page table fragments. For PTE table, in case of Hash with 64K pagesize, we have 16...

0.00161EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53111

In the Linux kernel, the following vulnerability has been resolved: bpf: testrun: Fix the null pointer dereference issue in bpflwtxmitpushencap The bpflwtxmitpushencap helper needs to access skbdstskb-dev to calculate the needed headroom: err = skbcowheadskb, len + LLRESERVEDSPACEskbdstskb-dev; B...

0.00176EPSS
Exploits0References6
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53116

In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...

0.00145EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53113

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon templates but fail to free it when parameter setup returns an error. Since...

0.00159EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-53110

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Zero-extend bpf prog return values and kfunc arguments s390x ABI requires callers to zero-extend unsigned arguments and sign-extend signed arguments, and callees to zero-extend unsigned return values and sign-extend...

7.8CVSS0.0012EPSS
Exploits0References5
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53115

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: use generic driveroverride infrastructure When a driver is probed through driverattach, the bus' match callback is called without the device lock held, thus accessing the driveroverride field without a lock, which ca...

0.00157EPSS
Exploits0References4
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53112

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...

0.00164EPSS
Exploits0References8
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53108

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unmap race with PMD migration entries The following race is possible with migration swap entries or device-private THP entries. e.g. when movepages is called on a PMD THP page, then there maybe an intermediate...

0.00151EPSS
Exploits0References2
NVD
NVD
•added 2026/06/24 5:17 p.m.•8 views

CVE-2026-53114

In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perfallowkernel from the IBS NMI handler Calling perfallowkernel from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event-hw.flags,...

0.00154EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•10 views

CVE-2026-53107

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: don't kill URBs in interrupt context Serialization for the TX path was enforced by calling usbkillurb/usbkillanchoredurbs, to prevent transmission before a previous URB was completed. usbtxblock can be called from...

0.00155EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•11 views

CVE-2026-53103

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...

0.00166EPSS
Exploits0References3
NVD
NVD
•added 2026/06/24 5:17 p.m.•9 views

CVE-2026-53105

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...

0.00168EPSS
Exploits0References4
Total number of security vulnerabilities363836