Lucene search
+L

617 matches found

vulnersOsv
vulnersOsv
added 2026/05/07 12:18 a.m.15 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42581 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42581 Source advisory: SNYK:JAVA-IONETTY-16438934...

9.8CVSS6.7AI score0.00607EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 12:13 a.m.16 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

6.5CVSS6.7AI score0.00364EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 12:13 a.m.8 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: OSV:GHSA-M4CV-J2PX-7723...

6.5CVSS6.7AI score0.00364EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1CVSS5.8AI score0.00727EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.13 views

PT-2026-36578

The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6AI score0.00252EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/21 11:58 p.m.7 views

EUVD-2026-24577

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

6.7AI score0.00428EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 11:58 p.m.33 views

CVE-2026-41144 F´ (F Prime) has Integer Overflow in FileUplink

F´ F Prime is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket with...

0.00428EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 5:12 p.m.3 views

CVE-2026-40588 blueprintUE: Authenticated Password Change Does Not Verify Current Password

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/slug/edit/ does not include a currentpassword field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid authenticated session —...

8.1CVSS5.8AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 5:11 p.m.11 views

CVE-2026-40587

CVE-2026-40587 affects blueprintUE. Before 4.2.0, changing a password or completing a password reset does not invalidate existing sessions; server-side session store maps userID to sessions, and password updates modify only the users table, leaving active sessions usable. Result: an attacker with...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 5:10 p.m.34 views

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 5:9 p.m.4 views

CVE-2026-40585

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

7.4CVSS5.8AI score0.00216EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 5:9 p.m.3 views

CVE-2026-40585 blueprintUE: Password Reset Tokens Have No Expiry Window

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

7.4CVSS5.8AI score0.00216EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/07 4:14 p.m.4 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4277 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4277 Source advisory: SNYK:PYTHON-DJANGO-15923568...

9.8CVSS5.8AI score0.00458EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 4:13 p.m.3 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4292 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4292 Source advisory: SNYK:PYTHON-DJANGO-15923535...

2.7CVSS5.8AI score0.00294EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:30 p.m.2 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-3902 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

7.5CVSS5.8AI score0.00436EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:30 p.m.2 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-33033 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-33033 Source advisory: OSV:GHSA-5MF9-H53Q-7MHQ...

6.5CVSS5.8AI score0.00879EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.7 views

admin-auth0 (>=0.1.1 <=0.1.5), aldryn-django (>=4.2.10.0 <=4.2.18.0) +126 more potentially affected by CVE-2026-4277 via django (>=4.2.0 <=4.2.3)

django PYPI version =4.2.0, =0.1.1, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =0.0.9, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =4.17.1 and more Source cves: CVE-2026-4277 Source advisory: OSV:PYSEC-2026-52...

9.8CVSS5.8AI score0.00458EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 1:7 p.m.23 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

0.00328EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/06 3:17 p.m.134 views

Exploit for Incorrect Authorization in Pydio Cells

CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...

8.8CVSS7.2AI score0.14197EPSS
Exploits6
Cvelist
Cvelist
added 2026/04/02 5:0 p.m.24 views

CVE-2026-5360 Free5GC aper type confusion

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The...

6.3CVSS0.00427EPSS
Exploits0References8
Rows per page
Query Builder