Lucene search
+L

4883 matches found

nuclei
nuclei
added 13 hours ago16 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.2AI score0.01623EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago133 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago302 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS7.1AI score0.78428EPSS
Exploits5References6
redhatcve
redhatcve
added 14 hours ago5 views

CVE-2026-14380

A flaw was found in the DBI component for Perl. This vulnerability allows an attacker to inject and execute arbitrary code by manipulating the Profile attribute of a DBI handle. When a string is assigned to this attribute, the component processes it without proper validation, enabling the executi...

8.8CVSS6.5AI score0.00498EPSS
Exploits0References6
nvd
nvd
added yesterday4 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS
Exploits0References4
redhatcve
redhatcve
added yesterday9 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References5
ossf
ossf
added 2 days ago8 views

Malicious code in motion-pull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e50d15810c044b3b0355460fdeacea42d89944d351e74bcce9fd976f91915ea [email protected] impersonates the pino logger exports module.exports.pino = middleware, uses logger-themed keywords, ships a ./pino require target...

6.5AI score
Exploits0References2
nvd
nvd
added 3 days ago7 views

CVE-2026-62199

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions...

8.8CVSS0.00295EPSS
Exploits0References2
ossf
ossf
added 3 days ago8 views

Malicious code in n8n-nodes-rce-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c735b8bb20a784446d7a0a4c49369ca3f2696bfe2e8a004799c763fc0a064aca On require by n8n module-load, top-level code in dist/RceNode.node.js, the package runs a shell command via execSync'/bin/sh',.... The command is tak...

6.2AI score
Exploits0References2
osv
osv
added 3 days ago5 views

MAL-2026-10503 Malicious code in n8n-nodes-rce-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c735b8bb20a784446d7a0a4c49369ca3f2696bfe2e8a004799c763fc0a064aca On require by n8n module-load, top-level code in dist/RceNode.node.js, the package runs a shell command via execSync'/bin/sh',.... The command is tak...

6.2AI score
Exploits0References2
cve
cve
added 3 days ago24 views

CVE-2026-62199

Summary (based on provided documents): OpenClaw versions prior to 2026.6.6 contain a flaw in host execution environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path may supply crafted envir...

8.8CVSS6.2AI score0.00295EPSS
Exploits0References2Affected Software1
osv
osv
added 3 days ago2 views

CVE-2026-62199 OpenClaw < 2026.6.6 Authentication Bypass via Environment Filtering

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions...

8.7CVSS6.2AI score0.00295EPSS
Exploits0References5
pypa
pypa
added 3 days ago6 views

PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

SummaryThe approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely. Combin...

6.8CVSS6.3AI score0.00116EPSS
Exploits0References7Affected Software1
osv
osv
added 3 days ago3 views

PYSEC-2026-2946 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

5.5CVSS6.3AI score0.00116EPSS
Exploits0References7
rocky
rocky
added 3 days ago4 views

container-tools:rhel8 security update

An update is available for module.netavark, module.runc, slirp4netns, module.libslirp, criu, module.udica, module.oci-seccomp-bpf-hook, udica, toolbox, netavark, container-selinux, module.python-podman, module.crun, python-podman, module.containers-common, module.conmon, oci-seccomp-bpf-hook,...

7.5CVSS6.5AI score0.00813EPSS
Exploits0
redhat
redhat
added 3 days ago5 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS6AI score0.0026EPSS
Exploits0References6
ossf
ossf
added 3 days ago6 views

Malicious code in kuaishou (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd1d5daf09cc7bfff164e60bf5abd0a1b374b5bb616f0a78cac8f6c6ea613608 The package's prepare lifecycle script, which runs automatically on npm install, collects host, user, and platform identifiers along with the full...

6.1AI score
Exploits0References4
nessus
nessus
added 3 days ago7 views

RHEL 8 : container-tools:rhel8 (RHSA-2026:38504)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:38504 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: net:...

7.5CVSS6.5AI score0.00813EPSS
Exploits0References8
ossf
ossf
added 4 days ago11 views

Malicious code in fast-dotenv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3250a4b69ccce49128d2e75ffb9e577746de4fb3afe0e0d242fbe5d094d02d The package presents itself as a.env loader but on load/config spawns a background thread that, after a 72–96 hour activation delay jittered by...

6.2AI score
Exploits0References6
ossf
ossf
added 4 days ago15 views

Malicious code in polymarket-kelly-math-stake (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f2cf5ba9cd75b1a773e3a04e6eb45778894e04fd1d55b2e8ad03ae97deb41d16 [email protected] runs a postinstall script scripts/install-check.cjs that fetches a JSON config from...

6.3AI score
Exploits0References2
Rows per page
Query Builder