Lucene search

161512 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. | 11 views

PT-2026-45052

Name of the Vulnerable Software and Affected Versions PraisonAI version 4.6.33 Description The code-generator praisonai.deploy.api.generate api server code creates a Flask API server with authentication disabled by default. When users deploy the server using the command praisonai deploy --type ap...

9.8 CVSS | 5.9 AI score | 0.0008 EPSS
Exploits 0 | References 8
Packet Storm
added 2026/05/29 12:0 a.m. | 51 views

📄 Langflow 1.3.0 Remote Code Execution

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. Exploit Title: Langflow 1.3.0 - Remote...

9.8 CVSS | 8.1 AI score | 0.10371 EPSS
Exploits 8
Positive Technologies
added 2026/05/29 12:0 a.m. | 10 views

PT-2026-45015

Name of the Vulnerable Software and Affected Versions Gotenberg versions 8.10.0 through 8.x Description Gotenberg is susceptible to a remote denial of service due to a race condition when handling multipart requests. When a request contains multiple downloadFrom entries, the system initiates...

7.5 CVSS | 6 AI score | 0.00138 EPSS
Exploits 0 | References 5
CNNVD
added 2026/05/29 12:0 a.m. | 11 views

Danelec Marine Danelec MacGregor Voyage Data Recorder Security Vulnerability

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability associated with the Danelec Marine Danelec MacGregor Voyage Data Recorder. This vulnerability stems from the possibility f...

6.9 CVSS | 5.8 AI score | 0.00376 EPSS
Exploits 0 | References 4
Redos
added 2026/05/29 12:0 a.m. | 10 views

ROS-20260529-73-0012

The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise, platforms for archiving corporate information, lies in the ability to bypass authentication by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to cause service interruptions...

8.1 CVSS | 5.8 AI score | 0.00376 EPSS
Exploits 0
Redos
added 2026/05/29 12:0 a.m. | 11 views

ROS-20260529-73-0009

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5 CVSS | 5.8 AI score | 0.00257 EPSS
Exploits 1
Tenable Nessus
added 2026/05/29 12:0 a.m. | 11 views

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...

7.8 CVSS | 6.3 AI score | 0.00502 EPSS
Exploits 8 | References 24
Tenable Nessus
added 2026/05/29 12:0 a.m. | 9 views

Devolutions Server < 2025.3.22 / 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)

The version of Devolutions Server installed on the remote host is prior to 2025.3.22 or 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities, including: - Improper authorization in the Active Directory browsing feature allows a low-privileged authenticated user to...

7.1 CVSS | 5.8 AI score | 0.00178 EPSS
Exploits 0 | References 11
Packet Storm
added 2026/05/29 12:0 a.m. | 65 views

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

9.8 CVSS | 5.8 AI score | 0.03092 EPSS
Exploits 3
Exploit DB
added 2026/05/29 12:0 a.m. | 63 views

strongSwan 5.9.13 - DoS

Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan next never advances and the per-attribute length computation...

5.8 AI score
Exploits 3
Exploit DB
added 2026/05/29 12:0 a.m. | 76 views

Langflow 1.3.0 - Remote Code Execution

Exploit Title: Langflow 1.3.0 - Remote Code Execution Fofa-dork: title="Langflow" Shodan-dork: title:"Langflow" Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: 1.2.0 Tested on: Debian CVE :...

9.8 CVSS | 7.3 AI score | 0.10371 EPSS
Exploits 8
Exploit DB
added 2026/05/29 12:0 a.m. | 59 views

strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow

Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan length 4 - 4 without guarding against hdr-lengt...

5.8 AI score
Exploits 3
Tenable Nessus
added 2026/05/29 12:0 a.m. | 17 views

ImageMagick < 6.9.13-48 / 7.x < 7.1.2-23 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-47 or 7.x prior to 7.1.2-22. It is, therefore, affected by multiple vulnerabilities: — An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race...

5.7 CVSS | 6 AI score | 0.00109 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/05/29 12:0 a.m. | 17 views

PT-2026-44843

Name of the Vulnerable Software and Affected Versions FreePBX versions prior to 16.0.50 FreePBX versions prior to 17.0.11 Description The CDR Reports module page allows SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs throug...

8.5 CVSS | 5.9 AI score | 0.00289 EPSS
Exploits 0 | References 3
VulnCheck KEV
added 2026/05/29 12:0 a.m. | 125 views

VulnCheck KEV: CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allow the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...

9.1 CVSS | 5.8 AI score | 0.86678 EPSS
In wild | Exploits 9 | References 10
Tenable Nessus
added 2026/05/29 12:0 a.m. | 10 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS : tgt vulnerability (USN-8325-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8325-1 advisory. It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could...

5.9 CVSS | 5.9 AI score | 0.00547 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/29 12:0 a.m. | 8 views

Devolutions Server 2026.1.x < 2026.1.19 Multiple Vulnerabilities (DEVO-2026-0013)

The version of Devolutions Server installed on the remote host is 2026.1.x prior to 2026.1.19. It is, therefore, affected by multiple vulnerabilities: - Improper handling of factor key state in the multi-factor authentication management feature allows an attacker with knowledge of a user's passwo...

7.6 CVSS | 5.8 AI score | 0.00215 EPSS
Exploits 0 | References 3
Exploit DB
added 2026/05/29 12:0 a.m. | 79 views

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

7.1 CVSS | 5.8 AI score | 0.08943 EPSS
Exploits 3
Cvelist
added 2026/05/28 10:50 p.m. | 34 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1 CVSS | 0.00321 EPSS
Exploits 1 | References 2
Vulnrichment
added 2026/05/28 10:48 p.m. | 7 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8 AI score | 0.00257 EPSS
Exploits 0 | References 1