Lucene search
K

9292 matches found

Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.15 views

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/21 3:47 p.m.168 views

Exploit for CVE-2026-21994

CVE-2026-21994 Summary Oracle OKIT oci-designer-tool...

9.8CVSS5.8AI score0.00448EPSS
Exploits1
Snyk
Snyk
added 2026/03/20 8:46 p.m.3 views

Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...

6.9CVSS5.8AI score0.00408EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 6:10 p.m.7 views

SUSE-SU-2026:0950-1 Security update for docker

This update for docker rebuilds it against the current go 1.25 security release...

5.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/20 5:47 p.m.6 views

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...

6AI score
Exploits0
NVD
NVD
added 2026/03/20 9:16 a.m.8 views

CVE-2026-33075

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS0.00297EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 8:37 a.m.6 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 8:37 a.m.8 views

CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 6:16 a.m.27 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS0.00672EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/20 5:25 a.m.4 views

EUVD-2026-13575

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 5:25 a.m.8 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 5:25 a.m.22 views

CVE-2026-33037

The CVE concerns WWBN AVideo. In versions ≤25.0, the official Docker deployment files ship with the admin password set to “password,” which is used to seed the admin account during installation unless SYSTEM_ADMIN_PASSWORD is overridden. This creates immediate administrative takeover risk, with f...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:25 a.m.21 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS0.00672EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26590

FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull request target which runs with access to repository secrets but checks out...

9.4CVSS6.4AI score0.00297EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26565

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Stirling-PDF 安全漏洞

Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...

8.1CVSS5.8AI score0.00462EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.13 views

PT-2026-41141

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...

9.9CVSS5.9AI score0.00416EPSS
Exploits2References13
NVD
NVD
added 2026/03/19 10:16 p.m.3 views

CVE-2026-32038

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...

9.8CVSS0.00265EPSS
Exploits0References2
Rows per page
Query Builder