Lucene search
K

593 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox

The “Copy Image Link” context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows—in conjunction with a Content Security Policy that stopped a redirection chain in the middle—the final image URL could contain an authentication toke...

6.1CVSS5.5AI score0.00528EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 11:46 p.m.13 views

Allocation of Resources Without Limits or Throttling

Overview @joplin/lib is a joplin core library. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the title input. An attacker can cause the application to consume excessive memory and terminate unexpectedly by submitting an extremely long...

6.8CVSS5.8AI score0.00159EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 8:24 p.m.32 views

CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

5.5CVSS0.00159EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 8:24 p.m.9 views

EUVD-2025-209900

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 8:24 p.m.17 views

CVE-2025-57798

CVE-2025-57798 affects Joplin

5.5CVSS5.7AI score0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 8:24 p.m.10 views

CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-42012

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.7.1 Description A Denial of Service DoS flaw exists in the title input functionality due to missing length validation. An attacker can trigger an Out Of Memory OOM error, leading to program termination, by inserting ...

5.5CVSS5.9AI score0.00159EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/17 2:27 a.m.9 views

CVE-2026-8719

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8CVSS5.8AI score0.00359EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/15 6:45 p.m.11 views

EUVD-2026-30585

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the backend admin/auth-token endpoint allows an authenticated administrator to load another administrator's REST API token list by supplying that user's adminid. This can...

8.1CVSS5.8AI score0.00218EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 8:24 p.m.9 views

Open WebUI's chat completion API allows tool restrictions to be bypassed

Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...

7.1CVSS5.7AI score0.0026EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/14 8:24 p.m.27 views

GHSA-4PCG-253R-RF9W Open WebUI's chat completion API allows tool restrictions to be bypassed

Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...

7.1CVSS5.7AI score0.0026EPSS
Exploits1References5
CVE
CVE
added 2026/05/13 3:36 p.m.17 views

CVE-2026-44479

CVE-2026-44479 affects Vercel’s AI Cloud CLI between versions 50.16.0 and 52.0.0. In non-interactive mode, commands that cannot complete autonomously emit JSON payloads with follow-up commands, and if a token is supplied on the CLI (via --token/-t), the token value is included verbatim in those s...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.7 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 8:22 p.m.41 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS0.0035EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 8:22 p.m.8 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 8:22 p.m.11 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

MailEnable Enterprise Premium 安全漏洞

MailEnable Enterprise Premium is a suite of POP3 and SMTP email servers provided by the Australian company MailEnable. Versions of MailEnable Enterprise Premium 10.55 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper authorization in the WebAdmin mobile...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/06 7:36 p.m.14 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.60 views

📄 Camaleon CMS 2.9.0 Path Traversal

Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...

7.7CVSS5.8AI score0.1456EPSS
Exploits11
EUVD
EUVD
added 2026/05/04 12:0 a.m.9 views

EUVD-2026-26854

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generateauthtoken of the file cps/koboauth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

6.5CVSS6.2AI score0.00272EPSS
Exploits0References9
Rows per page
Query Builder