Lucene search
K

257750 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-45804

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...

7.5CVSS0.00048EPSS
Exploits0References5
CVE
CVE
added 2 hours ago5 views

CVE-2026-58659

Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...

8.4CVSS6.6AI score
Exploits0References4
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
CVE
CVE
added 5 hours ago6 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44678

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...

6.3CVSS6.1AI score
Exploits0References2
Circl
Circl
added 5 hours ago3 views

CVE-2026-53566

creationtimestamp| type| source ---|---|--- 2026-07-15 14:15:26+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqovu3ew4h2c 2026-07-15 16:15:13+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/citrix-security-advisory-av26-702...

6.8CVSS6.1AI score
Exploits0References2
Circl
Circl
added 7 hours ago3 views

CVE-2026-56400

creationtimestamp| type| source ---|---|--- 2026-07-15 12:38:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqoqg5mume2p 2026-07-15 15:43:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqp2rmdoce2e...

9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago8 views

CVE-2026-58555

Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...

6.6CVSS
Exploits0References2
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-58550

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References4
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-44644

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 8 hours ago4 views

CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS
Exploits0References2
OSV
OSV
added 8 hours ago6 views

ROOT-APP-MAVEN-CVE-2026-48043 CVE-2026-48043 in io.root.io.netty:netty-codec-http2 - Patched by Root

Root has patched CVE-2026-48043 in the io.root.io.netty:netty-codec-http2 package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.9AI score0.00594EPSS
Exploits0
NVD
NVD
added 9 hours ago6 views

CVE-2026-58077

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS
Exploits0References1
Circl
Circl
added 11 hours ago5 views

CVE-2026-12281

creationtimestamp| type| source ---|---|--- 2026-07-15 08:23:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqoc76djrl22 2026-07-15 12:00:16+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqoockgock2y...

8.1CVSS6.1AI score
Exploits0References2
Circl
Circl
added 12 hours ago7 views

CVE-2026-57821

creationtimestamp| type| source ---|---|--- 2026-07-15 07:06:00+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mqo5ue577x22 2026-07-15 12:59:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqormusgsl2h...

8.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added 13 hours ago5 views

ROOT-APP-MAVEN-CVE-2024-29857 CVE-2024-29857 in io.root.org.bouncycastle:bcprov-jdk18on - Patched by Root

Root has patched CVE-2024-29857 in the io.root.org.bouncycastle:bcprov-jdk18on package for Root:Maven. Multiple fixed versions available...

5.3CVSS6.7AI score0.011EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 13 hours ago4 views

CVE-2026-11580

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

6.1AI score
Exploits0References1
OSV
OSV
added 13 hours ago4 views

ROOT-OS-DEBIAN-11-CVE-2025-14524 CVE-2025-14524 in rootio-curl - Patched by Root

Root has patched CVE-2025-14524 in the rootio-curl package for Root:Debian:11. Multiple fixed versions available...

5.3CVSS6AI score0.00611EPSS
Exploits1
OSV
OSV
added 13 hours ago4 views

ROOT-OS-DEBIAN-11-CVE-2023-46219 CVE-2023-46219 in rootio-curl - Patched by Root

Root has patched CVE-2023-46219 in the rootio-curl package for Root:Debian:11. Multiple fixed versions available...

5.3CVSS7.4AI score0.01133EPSS
Exploits1
OSV
OSV
added 14 hours ago14 views

ROOT-APP-NPM-CVE-2026-44488 CVE-2026-44488 in @rootio/axios - Patched by Root

Root has patched CVE-2026-44488 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.0063EPSS
Exploits1
Rows per page
Query Builder