Lucene search
K

79 matches found

Nuclei
Nuclei
added 20 hours ago91 views

Automation By Autonami < 3.3.0 - SQL Injection

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. id:...

8.6CVSS6.1AI score0.02241EPSS
Exploits1References2
NVD
NVD
added 2 days ago9 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

4.3CVSS0.00303EPSS
Exploits0References4
CVE
CVE
added 2 days ago5 views

CVE-2026-59226

Open WebUI vulnerability CVE-2026-59226 affects versions prior to 0.10.0 of the Open WebUI platform. The issue stems from execute_automation rehydrating automation owners without rechecking that they were still active or had features.automations, and from check_model_access only enforcing private...

4.3CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59226 Open WebUI: Scheduled automations continue after pending-user deactivation and stored model ACL revocation

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS0.00303EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.9 views

Malicious code in @grappi/automations (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dfa70084df92420d9b31f4eb1da3b47bccc78cc677a9f6fb3ac242c857f2e925 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54318

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.5.3, the LocationSensorManager BroadcastReceiver is exported with no permission. Any installed app, with zero runtime permissions, can broadcast a forged Google Play Services...

7.1CVSS0.00113EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 5:40 p.m.37 views

CVE-2026-54318

Affected software: Home Assistant Android components. Vulnerability: LocationSensorManager BroadcastReceiver was exported with no permission prior to 2026.5.3, allowing any local app (zero runtime permissions) to broadcast a forged Google Play Services LocationResult to spoof the device’s locatio...

7.1CVSS5.9AI score0.00113EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51577

Name of the Vulnerable Software and Affected Versions Home Assistant versions prior to 2026.5.3 Description The LocationSensorManager BroadcastReceiver is exported without requiring permissions. This allows any installed application on the device, regardless of its runtime permissions, to send a...

7.1CVSS5.8AI score0.00113EPSS
Exploits1References9
Snyk
Snyk
added 2026/06/22 11:20 p.m.8 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the externalTrigger process. An attacker can gain unauthorized access to another workspace's database and execu...

9.6CVSS6AI score0.00461EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36929

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS5.2AI score0.00385EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39450

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.29 views

CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS0.00385EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.11 views

CVE-2026-39450

CVE-2026-39450 concerns the WordPress FunnelKit Automations plugin, version

7.1CVSS5.2AI score0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:17 p.m.7 views

CVE-2026-39450 WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS5.2AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49373

Subscriber Broken Authentication in FunnelKit Automations = 3.7.3 versions...

7.1CVSS5.2AI score0.00385EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/22 4:1 p.m.6 views

WordPress FunnelKit Automations plugin <= 3.7.3 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin FunnelKit Automations versions = 3.7.3...

5.2AI score0.00385EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 3:4 p.m.2 views

CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge.

An arbitrary file-write vulnerability in Pega Browser Extension PBE affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The vulnerability could occur ...

7.2CVSS6AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 11:15 a.m.5 views

CVE-2025-41742

Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access any device via remote maintenance...

9.8CVSS0.00435EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:26 a.m.5 views

Malicious code in reasonable_lark_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8cfe3c8780d331450fce7d6a434246dd9fe27f9f00c07c2f07fde4512982548 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 5:18 a.m.4 views

MAL-2025-96845 Malicious code in subtle_bonobo_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd45e79538017bf32f6bc3b1bbf457e6d4cb2fc2f0fab3435badbb1b47a440a2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder