Lucene search
+L

5877 matches found

Nuclei
Nuclei
added yesterday14 views

WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

6.1CVSS6.2AI score0.02645EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-48805

A flaw was found in Twig, a template language for PHP. Deprecated internal wrappers in the src/Resources/core.php file do not correctly forward the sandbox state. This allows legacy function calls, such as twigarraysome, to bypass security restrictions imposed by the sandbox. An attacker could...

9.1CVSS6AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61427 PraisonAI before 4.6.78 Authentication Bypass via HTTP-stream

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

6.9CVSS6.1AI score0.00338EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-48805

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

9.1CVSS0.0027EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43548

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS6.1AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...

8.7CVSS0.00371EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-15473

The CVE-2026-15473 entry concerns Eleveo Call Recording Software 9.7.0. The issue affects the Recorded Calls Page’s file handling at /callrec/restoreCallAction.do, where processing leads to improper authorization. The vulnerability is exploitable remotely, with exploit code described as PROOF-OF-...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-43195

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS6.2AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added last week7 views

EUVD-2026-43181

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
NVD
NVD
added 2026/07/10 9:16 p.m.8 views

CVE-2026-34196

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

7.8CVSS0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 8:46 p.m.7 views

EUVD-2026-43034

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

6.1AI score0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 5:16 p.m.7 views

CVE-2026-55638

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS0.00372EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 3:38 p.m.8 views

CVE-2026-55638

9router prior to version 0.5.2 exposed an unauthenticated access path via /codex that bypassed the API-key gate due to an incomplete rewrite handling. An attacker could send requests to /codex/* and trigger upstream provider calls using operator-stored LLM provider credentials. The vulnerability ...

8.6CVSS6.1AI score0.00372EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 3:36 p.m.11 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/09 6:11 a.m.6 views

CVE-2026-59818

A flaw was found in etcd, a distributed key-value store. When etcd is configured to use separate listeners for HTTP and gRPC client endpoints, the Certificate Revocation List CRL is not properly enforced on the gRPC listener. This oversight allows a client with a revoked certificate to successful...

8.1CVSS5.9AI score0.00319EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/08 1:49 p.m.8 views

EUVD-2026-42263

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1268 Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6AI score0.00584EPSS
Exploits1References10
NVD
NVD
added 2026/07/06 9:16 p.m.12 views

CVE-2025-59616

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...

7.8CVSS0.00064EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:39 p.m.6 views

GHSA-6XC5-4R68-67FC Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/06 8:39 p.m.7 views

Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder