Lucene search
+L

1656 matches found

CVE
CVE
added 2 days ago16 views

CVE-2026-15091

CVE-2026-15091 affects IBM Engineering AI Hub versions 1.0.0, 1.1.0, and 1.2.0, where improper neutralization of input during web page generation could allow a remote attacker to execute arbitrary scripts. The connected IBM security bulletin confirms the issue and states a fix in version 1.3.0. I...

9.3CVSS5.3AI score0.00568EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-15093

CVE-2026-15093 affects IBM Engineering AI Hub versions 1.0.0, 1.1.0 and 1.2.0. Affected component: handling/validation of user-supplied URLs, enabling a remote attacker to redirect users to malicious websites due to improper URL validation. The IBM Security Bulletin consolidates multiple vulnerab...

4.3CVSS4.9AI score0.00365EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-45294

IBM Cognos Analytics 12.1.3 GA Version with build number through 12.1.3-2606251736 could allow an attacker to obtain incorrect report summary results or cause report-processing failures due to a race condition in the Agentic AI assistant's concurrent request-handling logic when multiple...

5.4CVSS5.3AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44893

The WPBot – AI ChatBot for Live Support, Lead Generation, AI Services plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 8.5.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6.1AI score0.00232EPSS
Exploits0References8
NVD
NVD
added 3 days ago7 views

CVE-2026-12510

The AI Engine WordPress plugin before 3.5.5 does not verify that a user owns the chatbot conversation referenced by a client-supplied identifier, allowing users with subscriber-level access to read other users' private conversations and take over their conversation records when the discussions...

5.9CVSS0.00145EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-44870

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

6.1CVSS6.1AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago40 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS0.00418EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

MAL-2026-10629 Malicious code in ai-pro-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b035f137addcf0118c3d042ece322d0fdde054e4ed283317d3b2adb309e38689 [email protected] is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json...

6.1AI score
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score0.00371EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-62328

Summary: CVE-2026-62328 affects 9Router up to version 0.4.41 and describes an unauthenticated information-disclosure vulnerability exposed via unprotected API endpoints. Attackers can remotely query the request-logs and request-details routes (which lack authentication middleware) to enumerate pa...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-62327 9Router 0.4.41 - Unauthenticated API Key Exposure via /api/usage/stats

9Router through version 0.4.41 contains an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit th...

9.3CVSS0.00371EPSS
Exploits0References2
The Hacker News
The Hacker News
added 6 days ago13 views

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

A new phishing-as-a-service PhaaS operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle AitM tactics, antibot evasion, artificial intelligence AI-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-57852

Name of the Vulnerable Software and Affected Versions ServiceNow affected versions not specified Description An issue in the ServiceNow AI platform allows an unauthenticated attacker with network access to perform a server-side sandbox escape, leading to remote code execution. The attack chain...

9.5CVSS5.8AI score0.00509EPSS
Exploits0References19
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43061

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 10:16 p.m.7 views

CVE-2026-13235

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 9:44 p.m.34 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 9:44 p.m.25 views

CVE-2026-13235

This CVE concerns a Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) impacting Drupal AI versions 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is improper access validation for agent tools exposed by Drupal core actions, enabling forceful browsing by an att...

3.3CVSS6.1AI score0.00161EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/10 9:44 p.m.13 views

CVE-2026-13234

CVE-2026-13234 concerns an improper neutralization of input during web page generation (XSS) in Drupal AI (Artificial Intelligence). Affected versions: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The root cause is input handling within the module and certain submodules (AI Automators, AI Translat...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 9:44 p.m.3 views

CVE-2026-13234 AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References5
Rows per page
Query Builder