Lucene search
K

53 matches found

CVE
CVE
added 4 days ago22 views

CVE-2026-61454

CVE-2026-61454 affects Grav's Admin2 plugin prior to 2.0.4. The vulnerability arises from embedding a global JavaScript variable, window.GRAV_CONFIG , in the Admin2 SPA bootstrap page at /grav/admin and subroutes. This object is returned in every unauthenticated response and exposes server URL, A...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 5 days ago6 views

CVE-2026-61450

Grav prior to 2.0.2 contains a Twig sandbox bypass that enables a page author (including any admin.pages user or anyone with write access to user/pages) to exfiltrate configuration secrets. The sandbox replaces the config variable with a redacted facade and strips Config::get/toArray from the all...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 7:58 p.m.5 views

GHSA-95PQ-HR8P-F5G7 ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)

Impact An Unprotected Alternate Channel CWE-420 vulnerability was discovered in ComfyUI-Manager versions prior to 3.38. Vulnerability Details In affected versions, ComfyUI-Manager stored its configuration in the user/default/ComfyUI-Manager/ directory, which was accessible via ComfyUI's web APIs...

7.5CVSS5.9AI score0.01361EPSS
Exploits3References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Git

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. These untrusted parties could create the folder C:.git, which would be included in Git...

7.8CVSS6.7AI score0.00782EPSS
Exploits0References2
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25326

CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.55 views

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS0.00811EPSS
Exploits0References11
OSV
OSV
added 2026/05/08 10:58 p.m.12 views

GHSA-3P28-73Q7-45XP free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

Summary free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/05/06 7:21 a.m.117 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 - Zimbra Path Traversal Vulnerability !Secur...

8.8CVSS6.1AI score0.31769EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2026/05/01 12:0 a.m.9 views

When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI

Background: Patient-facing medical chatbots based on retrieval-augmented generation RAG are increasingly promoted to deliver accessible, grounded health information. AI-assisted development lowers the barrier to building them, but they still demand rigorous security, privacy, and governance...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/28 7:37 p.m.7 views

CVE-2026-41385

OpenClaw before 2026.3.31 stores Nostr privateKey as plaintext in configuration, allowing exposure through config.get method calls that bypass redaction mechanisms. Attackers can retrieve unredacted configuration data to obtain plaintext signing keys used for Nostr protocol operations...

7.1CVSS0.00207EPSS
Exploits0References3
NVD
NVD
added 2026/04/20 8:16 p.m.8 views

CVE-2026-5478

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...

8.1CVSS0.01022EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/20 7:27 p.m.4 views

CVE-2026-5478

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...

8.1CVSS5.8AI score0.01022EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:40 p.m.1 views

CVE-2026-33886

Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.6 views

CVE-2026-33469

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/03/23 10:16 p.m.6 views

CVE-2025-60949

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3CVSS0.00405EPSS
Exploits0References4
OSV
OSV
added 2026/03/23 9:0 p.m.2 views

CVE-2025-60949 Census CSWeb leaked configuration files

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3CVSS5.9AI score0.00405EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/20 2:38 a.m.8 views

EUVD-2026-13503

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any account holder to execute arbitrary JavaScript in the...

9CVSS6AI score0.00164EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 2:38 a.m.23 views

CVE-2026-32891

Anchorr (Discord bot) versions 1.4.1 and earlier contain a stored XSS vulnerability in the Jellyseerr user selector. An attacker can execute arbitrary JavaScript in the Anchorr admin’s browser session, calling the authenticated /api/config endpoint, which returns the full application configuratio...

9CVSS6AI score0.00164EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.9 views

PT-2026-25040

CVE-2026-32142 Shopware is an open commerce platform. /api/ info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15. https://t.co/miVHOhaAoF...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/10 4:15 p.m.9 views

CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS8.4AI score0.01657EPSS
Exploits1
Rows per page
Query Builder