Lucene search
+L

255731 matches found

Cvelist
Cvelist
added 33 minutes ago2 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS
Exploits0References1
CVE
CVE
added 54 minutes ago21 views

CVE-2026-45162

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.7, multiple Pimcore locations call PHP's unserialize on data from database columns and filesystem files without the allowedclasses restriction, including lib/Tool/Authentication.php, models/Site/Dao.php...

8CVSS6.3AI score0.00202EPSS
Exploits0References4
NVD
NVD
added 1 hour ago5 views

CVE-2026-9198

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
NVD
NVD
added 1 hour ago5 views

CVE-2026-9202

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEWUSERISACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-9202 Unauthenticated User Registration Could Lead to Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEWUSERISACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need...

9.8CVSS
Exploits0References1
CVE
CVE
added 2 hours ago13 views

CVE-2026-9202

CVE-2026-9202 affects IBM Langflow OSS versions 1.0.0–1.10.0. Unauthenticated attackers can create unlimited user accounts; if NEW_USER_IS_ACTIVE is true, new accounts are immediately active and can authenticate to reach RCE endpoints, bypassing AUTO_LOGIN. IBM CVSS v3.1 base score 9.8 (CRITICAL)...

9.8CVSS5.3AI score
Exploits0References1
CVE
CVE
added 2 hours ago11 views

CVE-2026-9762

CVE-2026-9762 affects IBM Db2 Client components: the IBM Data Server Driver for JDBC and SQLJ. A remote code execution (RCE) exists when the JDBC URL is under user control. Affected products/versions: Db2 client 11.5.0–11.5.9 and 12.1.0–12.1.4. Root cause identified as CWE-94 (Improper Code Gener...

7.8CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2 hours ago5 views

CVE-2026-9586

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago5 views

CVE-2026-9586 Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago7 views

CVE-2026-9586 Unauthenticated SQL Injection Leading to Remote Code Execution in Switchvox SMB

An unauthenticated SQL injection vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The /pa endpoint processes XML content beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries without sanitization or parameterization. An unauthenticated...

9.3CVSS
Exploits0References2
CVE
CVE
added 3 hours ago5 views

CVE-2026-9586

CVE-2026-9586 describes an unauthenticated SQL injection in Sangoma Switchvox SMB Edition 8.3. The vulnerable component is the /pa endpoint, which processes XML beginning with and directly concatenates the user-controlled PhoneIP value into PostgreSQL queries, enabling arbitrary SQL execution an...

9.3CVSS6.7AI score
Exploits0References2
NVD
NVD
added 4 hours ago6 views

CVE-2026-63093

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago8 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 7 hours ago30 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
NVD
NVD
added 14 hours ago8 views

CVE-2026-13352

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowedmimetypes function. This is due to the unconditional...

8.8CVSS
Exploits0References8
Nuclei
Nuclei
added 14 hours ago14 views

Scramble Laravel - Remote Code Execution

Scramble for Laravel = 0.13.2 and = 0.13.2 and 0.13.22 contains a remote code execution caused by evaluation of user-controlled input in validation rules during documentation generation, letting remote attackers execute arbitrary PHP code, exploit requires publicly accessible documentation...

9.4CVSS6.7AI score0.0586EPSS
Exploits3References3
Nuclei
Nuclei
added 14 hours ago85 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5CVSS6.6AI score0.02998EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago163 views

Apache Struts2 S2-057 - Remote Code Execution

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS9.2AI score0.99993EPSS
Exploits41References5
Nuclei
Nuclei
added 14 hours ago35 views

Joomla! Harmis Messenger 1.2.2 - Local File Inclusion

Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. id: CVE-2019-9922 info: name: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion author: 0xAkoko severity: high description: Joomla! Harmis Messenger 1.2.2 is...

7.5CVSS6.5AI score0.1059EPSS
Exploits0References5
Rows per page
Query Builder