Lucene search
K

2859798 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
Cvelist
Cvelist
added 39 minutes ago4 views

CVE-2026-15921 nvm path traversal via a malicious mirror's LTS codename writes outside the alias directory

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS
Exploits0References2
CVE
CVE
added 59 minutes ago3 views

CVE-2026-62361

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to 6.2.0, listmonk’s GET /api/subscribers/export endpoint injects the user-controlled query parameter into QuerySubscribersForExport in internal/core/subscribers.go without calling validateQueryTables, unlike GET...

5.5CVSS6.2AI score
Exploits0References3
NVD
NVD
added 1 hour ago3 views

CVE-2026-45738

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to 3.2.12, 3.3.10, and 3.4.2, Argo CD users with application write access can set link.argocd.argoproj.io/ annotations whose pipe-separated values are rendered by...

7.3CVSS0.00037EPSS
Exploits0References7
CVE
CVE
added 1 hour ago3 views

CVE-2026-52887

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api/myInAppChannels:list, where the filterlatestMsgReceiveTimestamp$lt value was inserted into a...

10CVSS6.2AI score0.00048EPSS
Exploits0References3
CVE
CVE
added 2 hours ago13 views

CVE-2026-45738

CVE-2026-45738 : Argo CD contains a Stored XSS in link.argocd.argoproj.io/* annotations that can be rendered as anchor href values in the Summary tab, enabling javascript: execution for a higher-privileged user in the origin session when there is application write access. This is fixed in Argo CD...

7.3CVSS6.2AI score0.00037EPSS
Exploits0References7
CVE
CVE
added 2 hours ago7 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00062EPSS
Exploits0References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-45533

DataEase prior to 2.10.23 contains a path traversal vulnerability in the export-center bulk delete API. Maliciously crafted identifiers can be passed to ExportCenterManage.delete using sequences like ../, enabling recursive deletion of arbitrary server directories during export task cleanup. Impa...

8.3CVSS6.2AI score0.00024EPSS
Exploits0References3
CVE
CVE
added 2 hours ago23 views

CVE-2026-49445

Cilium CVE-2026-49445 : When L7 is enabled, embedded or standalone Envoy creates a world-accessible admin.sock on cluster nodes, enabling a local attacker to access Envoy admin endpoints, potentially expose TLS secrets, disrupt traffic, or terminate Envoy. Affected are Cilium releases prior to 1....

9.2CVSS6.1AI score0.00017EPSS
Exploits0References6
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44762

Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...

6.9CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44761

The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gformuploadedfiles' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44760

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added 3 hours ago4 views

CVE-2026-61643

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by using a crafted saved tool id such as http-/. The normal toolset routes deny access, but the workflow...

5.9CVSS
Exploits0References2
NVD
NVD
added 3 hours ago4 views

CVE-2026-56687

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS
Exploits0References1
NVD
NVD
added 3 hours ago4 views

CVE-2026-53514

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS0.00016EPSS
Exploits0References4
NVD
NVD
added 3 hours ago4 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00025EPSS
Exploits0References4
NVD
NVD
added 3 hours ago4 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-44756

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 4 hours ago2 views

EUVD-2026-44746

The Zephyr ADIN2111/ADIN1110 10BASE-T1S/T1L Ethernet driver drivers/ethernet/ethadin2111.c reassembles received Ethernet frames in OPEN Alliance OA SPI mode by copying device-supplied 64-byte data chunks into a fixed static buffer ctx-buf of size CONFIGETHADIN2111BUFFERSIZE default 1524 bytes. In...

8.3CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-44744

Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...

7.8CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder