161512 matches found
PT-2026-45052
Name of the Vulnerable Software and Affected Versions PraisonAI version 4.6.33 Description The code-generator praisonai.deploy.api.generate api server code creates a Flask API server with authentication disabled by default. When users deploy the server using the command praisonai deploy --type ap...
📄 Langflow 1.3.0 Remote Code Execution
Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...
PT-2026-45015
Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.10.0 through 8.x Description Gotenberg is susceptible to a remote denial of service due to a race condition when handling multipart requests. When a request contains multiple downloadFrom entries, the system initiates...
Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞
The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability associated with the Danelec Marine Danelec MacGregor Voyage Data Recorder. This vulnerability stems from the possibility f...
ROS-20260529-73-0012
The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise, platforms for archiving corporate information, lies in the ability to bypass authentication by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to cause service interruptions...
ROS-20260529-73-0009
The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...
Devolutions Server < 2025.3.22 / 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)
The version of Devolutions Server installed on the remote host is prior to 2025.3.22 or 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities, including: - Improper authorization in the Active Directory browsing feature allows a low-privileged authenticated user to...
📄 WordPress Quick Playground 1.3.1 Shell Upload
Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...
strongSwan 5.9.13 - DoS
Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...
Langflow 1.3.0 - Remote Code Execution
Exploit Title: Langflow 1.3.0 - Remote Code Execution Fofa-dork: title="Langflow" Shodan-dork: title:"Langflow" Date: 23-05-2026 Exploit Author: Diamorphine Venodor Homepage: https://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: 1.2.0 Tested on: Debian CVE :...
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan length 4 - 4 without guarding against hdr-lengt...
ImageMagick < 6.9.13-48 / 7.x < 7.1.2-23 Multiple Vulnerabilities
The remote host has a version of ImageMagick installed that is prior to 6.9.13-47 or 7.x prior to 7.1.2-22. It is, therefore, affected by multiple vulnerabilities: â An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race...
PT-2026-44843
Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...
VulnCheck KEV: CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS : tgt vulnerability (USN-8325-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8325-1 advisory. It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could...
Devolutions Server 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)
The version of Devolutions Server installed on the remote host is 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities: - Improper handling of factor key state in the multi-factor authentication management feature allows an attacker with knowledge of a user's passwo...
ZTE ZXHN H188A V6 - Authentication Bypass
Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...
CVE-2026-6816 TFA Basic Plugins - Access Bypass
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...