Lucene search
+L

6904 matches found

Nuclei
Nuclei
added 17 hours ago7 views

9Router <= 0.4.36 - Unauthenticated RCE

9Router = 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/ and /api/mcp/ entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, the...

10CVSS5.8AI score0.04572EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45395

Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...

6.8CVSS5.4AI score
Exploits0References3
EUVD
EUVD
added yesterday8 views

EUVD-2026-45390

A vulnerability has been found in princezuda SafestClaw up to 4.2.4. This vulnerability affects the function ShellAction.validatecommand of the file src/safestclaw/actions/shell.py of the component Built-in Web Interface. Such manipulation leads to incomplete blacklist. An attack has to be...

5.3CVSS5AI score
Exploits0References6
NVD
NVD
added 2 days ago9 views

CVE-2026-50273

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS0.00793EPSS
Exploits0References4
NVD
NVD
added 2 days ago10 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS0.00301EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-45159

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2 days ago15 views

CVE-2026-59694

CVE-2026-59694 affects ZenHive mpp (Elixir library) when configured as the fee payer. The issue occurs in MPP.Tempo.Transaction.cosign_fee_payer/3, which re-signs client-supplied base fields of the 0x76 AASigned envelope verbatim, including the EIP-2930 access list, without validating length or c...

8.3CVSS5.6AI score0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2026-59694 Unbounded access list in mpp Tempo fee-payer inflates gas cost per payment

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago8 views

CVE-2026-59695

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-59695 Unbounded max_fee_per_gas in mpp Tempo fee-payer enables single-request wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet in a single request by naming an arbitrarily high gas price. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS5.5AI score0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-9810

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS5.6AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-62208

CVE-2026-62208 affects prior to 2026.6.5. When MCP SSE redirects are used with the affected feature enabled, Authorization headers could be forwarded, allowing a lower-trust caller or configured input path to execute or persist actions beyond the caller’s intended authorization. Impact depends o...

6.5CVSS6.2AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 3 days ago4 views

CVE-2026-63086 text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

6.9CVSS6.2AI score0.00323EPSS
Exploits0References5
CVE
CVE
added 3 days ago12 views

CVE-2026-15099

The CVE-2026-15099 instance concerns the Delicious Recipes WordPress plugin (

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score0.00748EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 4 days ago12 views

websocket-driver: Message corruption via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server pars...

9.2CVSS6AI score0.00445EPSS
Exploits0References3Affected Software1
CVE
CVE
added 4 days ago19 views

CVE-2026-14960

CVE-2026-14960 concerns Pegatron tdeio64.sys exposing privileged hardware access via the .TdeIo device interface. Connected docs describe IOCTLs (TDE_IOCTL_INDEXIO_READ/WRITE) that allow unprivileged local users to perform arbitrary hardware I/O port operations without proper authorization, and,...

9.8CVSS6.2AI score0.00391EPSS
Exploits1References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-61646 FastGPT: Shared axios SSRF guard validates only the initial URL before following redirects

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...

6.3CVSS0.00248EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago11 views

EUVD-2026-44589

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
Rows per page
Query Builder