
304332 matches found

CVE
added 2 hours ago, 9 views

CVE-2025-71380

CVE-2025-71380: The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8 CVSS, 6.2 AI score
Exploits 0, References 2

CVE
added yesterday, 7 views

CVE-2026-58419

Technical details are not publicly available in the provided documents; monitor for updates.

5.9 AI score
Exploits 0, References 4

CVE
added yesterday, 6 views

CVE-2026-12481

The CVE-2026-12481 entry describes a vulnerability in keras-team/keras 3.14.0 where improper handling of deserialization in the Lambda layer can lead to arbitrary OS‑level code execution. The root cause is in _raise_for_lambda_deserialization(), which does not enforce the safe-mode guard when saf...

8.8 CVSS, 7.7 AI score
Exploits 0, References 1

EUVD
added yesterday, 6 views

EUVD-2026-41573

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...

6.8 CVSS, 5.8 AI score
Exploits 0, References 1

ATTACKERKB
added yesterday, 2 views

CVE-2026-56646

Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...

6.5 CVSS, 5.9 AI score
Exploits 0, References 2, Affected Software 1

EUVD
added yesterday, 2 views

EUVD-2026-41633

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

5.9 AI score
Exploits 0, References 4

ATTACKERKB
added yesterday, 2 views

CVE-2026-27660

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

5.9 AI score
Exploits 0, References 5

CVE
added yesterday, 7 views

CVE-2026-24451

CVE-2026-24451 (Gitea 1.26.2): Fork synchronization remains allowed after the parent repository changes from public to private, exposing data to a fork that should no longer be authorized. Publicly available fixes are in Gitea v1.26.3 and v1.26.4 (see release notes and advisories). The connected...

7.2 AI score
Exploits 0, References 4

ATTACKERKB
added yesterday, 2 views

CVE-2026-24451

Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...

5.9 AI score
Exploits 0, References 5, Affected Software 1

CVE
added yesterday, 6 views

CVE-2026-58379

The CVE-2026-58379 vulnerability affects GIMP's Paint Shop Pro (PSP) file format parser. It is a heap buffer overflow caused by incorrect buffer size calculations when processing low bit-depth PSP images, which can lead to arbitrary code execution or DoS when a user opens a crafted image. The p...

7.3 CVSS, 6.7 AI score
Exploits 0, References 4

RedhatCVE
added yesterday, 7 views

CVE-2026-56369

A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...

6.3 CVSS, 5.9 AI score, 0.00229 EPSS
Exploits 0, References 5

EUVD
added yesterday, 5 views

EUVD-2026-41556

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4 CVSS, 5.9 AI score
Exploits 0, References 2

RedhatCVE
added yesterday, 6 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4 CVSS, 5.9 AI score
Exploits 0, References 3

RedhatCVE
added yesterday, 5 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5 CVSS, 6.3 AI score, 0.00284 EPSS
Exploits 0, References 5

CVE
added yesterday, 8 views

CVE-2026-49813

Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an OS command injection vulnerability due to improper neutralization of special elements in commands. The issue can enable arbitrary command executio...

6.7 CVSS, 6 AI score
Exploits 0, References 1

EUVD
added yesterday, 8 views

EUVD-2026-41553

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...

6.7 CVSS, 6 AI score
Exploits 0, References 1

CVE
added yesterday, 8 views

CVE-2026-49814

CVE-2026-49814 affects Dell PowerProtect Data Domain, including versions 7.7.1.0–8.7 and several LTS releases (8.6.1.0–8.6.1.10, 8.3.1.0–8.3.1.30, 7.13.1.0–7.13.1.70). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a high-privilege, remot...

7.2 CVSS, 6.1 AI score
Exploits 0, References 1

EUVD
added yesterday, 5 views

EUVD-2026-41551

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...

7.2 CVSS, 6.1 AI score
Exploits 0, References 1

CVE
added yesterday, 8 views

CVE-2026-49815

Summary: Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an OS command injection vulnerability due to improper neutralization of special elements in OS commands. A high-privileged attacker with remote ac...

7.2 CVSS, 6.2 AI score
Exploits 0, References 1

EUVD
added yesterday, 4 views

EUVD-2026-41549

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command 'OS...

7.2 CVSS, 6.2 AI score
Exploits 0, References 1