Lucene search
K

580 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.13 views

Oracle GoldenGate for Big Data 19.1.x < 19.1.0.0.23 (April 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by a vulnerability: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Apache Avro...

7.3CVSS7.3AI score0.00602EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.10 views

Oracle GoldenGate for Big Data Multiple Vulnerabilities 23.x < 23.26.2.0.0 (April 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Third Party Google...

8.7CVSS5.9AI score0.02772EPSS
Exploits2References7
CVE
CVE
added 2026/04/21 9:0 p.m.140 views

CVE-2026-40933

Flowise: Authenticated RCE via MCP adapters. Prior to 3.1.0, unsafe serialization of stdio commands in the MCP adapter allows an authenticated attacker to add an MCP stdio server and run arbitrary OS commands, due to a bug in input sanitization in the Custom MCP configuration (http://localhost:30...

9.9CVSS6.6AI score0.01987EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 9:0 p.m.5 views

CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS6.6AI score0.01987EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 5:5 a.m.6 views

Security Bulletin: Security vulnerability has been found in IBM Security Verify Directory (Container) used by IBM Security Verify Governance Identity Manager Adapters

Summary IBM Security Verify Governance Identity Manager Adapters uses IBM Security Verify Directory Container. Information about security vulnerability affecting IBM Security Verify Directory Container has been published in security bulletin. Vulnerability Details Refer to the security bulletins...

7.2CVSS5.6AI score0.0034EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/18 1:0 a.m.13 views

Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Summary Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerified boolean that is set by each provider adapter. The...

9.8CVSS5.7AI score0.00809EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.14 views

PT-2026-37128

Name of the Vulnerable Software and Affected Versions Nhost versions prior to 0.49.1 Description Nhost automatically links incoming OAuth identities to existing accounts when email addresses match, provided the email is marked as verified. Several provider adapters fail to correctly populate the...

9.8CVSS5.9AI score0.00809EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2026/04/16 10:45 p.m.10 views

@paperclipai/adapter-claude-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8), @paperclipai/adapter-codex-local (>=2026.3.17-canary.0 <=2026.411.0-canary.8) +12 more potentially affected by unknown CVE via @paperclipai/adapter-utils (>=2026.318.0-canary.0 <=2026.416.0-canary.1)

@paperclipai/adapter-utils NPM version =2026.318.0-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.0, =2026.3.17-canary.2, =2026.324.0-canary.0, =5.0.0, =2026.3.17-canary.3, =0.6.5, =0.6.6...

5.5AI score
Exploits0
OSV
OSV
added 2026/04/16 9:18 p.m.6 views

GHSA-C9GW-HVQQ-F33R Flowise: Authenticated RCE Via MCP Adapters

Summary Due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. Details The vulnerability lies in a bug in the input sanitization from the “Custom MCP” configuration in...

9.9CVSS6.5AI score0.01987EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33361

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the MCP adapter due to unsafe serialization of stdio commands, allowing an authenticated attacker to achieve command execution on the underlying operating system. The flaw is locat...

9.9CVSS6.2AI score0.01987EPSS
Exploits1References29
vulnersOsv
vulnersOsv
added 2026/04/08 10:12 p.m.10 views

@frontmcp/adapters (>=1.0.0 <=1.0.3), @frontmcp/plugin-approval (>=1.0.0 <=1.0.3) +7 more potentially affected by CVE-2026-39885 via @frontmcp/sdk (>=1.0.0-beta.1 <=1.0.3)

@frontmcp/sdk NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.3 Source cves: CVE-2026-39885 Source advisory: SNYK:JS-FRONTMCPSDK-16423474...

7.5CVSS5.8AI score0.00319EPSS
Exploits1
Snyk
Snyk
added 2026/04/08 10:12 p.m.5 views

Server-side Request Forgery (SSRF)

Overview @frontmcp/adapters is an Adapters for the FrontMCP framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the initialize process. An attacker can access internal network resources or sensitive local files by submitting a crafted OpenAPI...

8.7CVSS5.8AI score0.00319EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 2:51 p.m.8 views

BIT-PARSE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the extension...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/08 9:42 a.m.9 views

Content-Type Override

Parse Server is vulnerable to Content-Type Override. The vulnerability is due to missing consistency validation between the file extension and the provided Content-Type header, where the Content-Type is passed unchanged to storage adapters that serve files based on this header, allowing an attack...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/08 12:14 a.m.6 views

parse-server-otp-auth-adapter (>=1.0.0 <=1.0.1), parse-server-siwe-auth-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-39381 via parse-server (=7.5.4)

parse-server NPM version =7.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - parse-server-otp-auth-adapter =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2026-39381 Source advisory: SNYK:JS-PARSESERVER-15928862...

5.3CVSS5.8AI score0.00193EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35200

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 8:16 p.m.6 views

CVE-2026-35200

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...

5.4CVSS0.00162EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/06 7:47 p.m.16 views

CVE-2026-35200 Parse Server has a file upload Content-Type override via extension mismatch

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...

2.1CVSS0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:47 p.m.9 views

CVE-2026-35200

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file can be uploaded with a filename extension that passes the file extension allowlist e.g., .txt but with a Content-Type header that differs from the...

2.1CVSS5.9AI score0.00162EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.73 and 9.7.1-alpha.4. These vulnerabilities stemmed from a lack of consistency...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References4
Rows per page
Query Builder