Lucene search
+L

84 matches found

OSV
OSV
added 2026/05/12 12:0 a.m.6 views

OPENSUSE-SU-2026:10763-1 regclient-0.11.4-1.1 on GA media

These are all security issues fixed in the regclient-0.11.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 1:56 p.m.49 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS0.00345EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:56 p.m.8 views

CVE-2026-41422

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS5.9AI score0.00345EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/07 1:56 p.m.20 views

CVE-2026-41422

Daptin (CVE-2026-41422) exposes SQL injection in the /aggregate/:typename endpoint via unvalidated user input passed to goqu.L() in server/resource/resource_aggregate.go. Root cause: user-controlled column/group parameters were inserted directly into SQL without validation, bypassing parameteriza...

8.3CVSS5.9AI score0.00345EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 1:56 p.m.9 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS5.9AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 1:56 p.m.3 views

CVE-2026-41422 Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, the /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed...

8.3CVSS6.1AI score0.00345EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.1 views

openSUSE 16 Security Update : libssh (openSUSE-SU-2026:20647-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20647-1 advisory. - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of...

8.2CVSS5.8AI score0.00582EPSS
Exploits0References21
OSV
OSV
added 2026/04/30 9:40 a.m.6 views

SUSE-SU-2026:21428-1 Security update for libssh

This update for libssh fixes the following issues: - Update to version 0.11.4: - CVE-2026-0964: SCP Protocol Path Traversal in sshscppullrequest bsc1258049 - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files bsc1258045 - CVE-2026-0966: Buffer underflow in...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References15
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/30 12:0 a.m.4 views

Security update for libssh (moderate)

openSUSE security update: security update for libssh ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20647-1 Rating: moderate References: bsc1246974 bsc1249375 bsc1258045 bsc1258049 bsc1258054 bsc1258080 bsc1258081 Cross-References: CVE-2025-8114...

6.5CVSS5.8AI score0.00582EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/04/10 7:39 p.m.13 views

1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)

uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-UV-15969260...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 7:39 p.m.5 views

1claw-crewai-tools (=0.1.0), aacp-crewai (=0.1.0) +1044 more potentially affected by unknown CVE via uv (>=0.10.0 <=0.11.4)

uv PYPI version =0.10.0, =1.10.30, =1.10.30, =0.31.5, =1.3.0, =1.6.0, =1.6.0, =1.2.2, =1.2.4, =0.6.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-PJJW-68HJ-V9MW...

5.7AI score
Exploits0
Snyk
Snyk
added 2026/03/26 8:33 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the VideoProxy process due to a missing ownership check. An attacker can gain unauthorized access to other users' video content by sending crafted requests that bypass access controls...

7.1CVSS6.4AI score0.00274EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

9.1CVSS5.8AI score0.00328EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 7:18 p.m.4 views

CVE-2026-30886

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/23 7:18 p.m.45 views

CVE-2026-30886

The CVE-2026-30886 entry describes an Insecure Direct Object Reference (IDOR) in the video proxy endpoint GET /v1/videos/:task_id/content of the New API LLM gateway/AI asset manager. Before version 0.11.4-alpha.2, any authenticated user could access video content owned by others due to a missing ...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/23 7:18 p.m.4 views

CVE-2026-30886 New API: IDOR in VideoProxy allows cross-user video content access via missing ownership check

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.11.4-alpha.2, an Insecure Direct Object Reference IDOR vulnerability in the video proxy endpoint GET /v1/videos/:taskid/content allows any authenticated user to access video...

6.5CVSS6.4AI score0.00274EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.13 views

New API 安全漏洞

The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.11.4-alpha.2 contained a security vulnerability. This vulnerability stemmed from insecure direct object references in the video proxy endpoints, which could allow access to other users’ video content...

6.5CVSS6.4AI score0.00274EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.8 views

PT-2026-27197

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.11.4-alpha.2 Description The software features an Insecure Direct Object Reference IDOR in the video proxy endpoint. Any authenticated user can access video content belonging to other users by exploiting a missing...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References8
OSV
OSV
added 2026/03/20 2:24 p.m.4 views

OESA-2026-1656 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 2:24 p.m.3 views

OESA-2026-1655 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

7.5CVSS5.5AI score0.00631EPSS
Exploits0References2
Rows per page
Query Builder