Lucene search
+L

68 matches found

Nuclei
Nuclei
added yesterday23 views

ComfyUI-Manager < 3.38 - Configuration Overwrite

ComfyUI-Manager 3.38 contains an insecure file storage vulnerability caused by storing files in an insufficiently protected location accessible via the web interface, letting remote attackers manipulate configuration and critical data, exploit requires web access. id: CVE-2025-67303 info: name:...

7.5CVSS7.2AI score0.01361EPSS
Exploits3References3
OSV
OSV
added 2026/07/09 9:30 p.m.3 views

CVE-2026-58122 Hermes WebUI < 0.51.307 Authentication Bypass via X-Forwarded-For Header Spoofing

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to...

9.3CVSS6.1AI score0.00293EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/07/07 8:34 p.m.5 views

CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 8:34 p.m.13 views

CVE-2026-58473

CVE-2026-58473 (Cognee) vulnerability affects Cognee prior to 1.2.0. An improper access-control flaw allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which lacks admin/superuser checks. This enabl...

9.3CVSS6AI score0.00372EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 1:49 p.m.33 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 1:49 p.m.7 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6.2AI score0.00568EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:33 p.m.6 views

CVE-2026-52813

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.12 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.4AI score0.00156EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 9:10 a.m.18 views

Malicious code in makecoder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf72d8ec7b803169421eb83d7ccbbdcd0af3671592775e25df2f92b33dfde5a4 scripts/postinstall.js runs automatically on npm install. When bun is not already present, it unconditionally executes curl -fsSL...

6.4AI score
Exploits0References3
CVE
CVE
added 2026/05/15 7:57 p.m.44 views

CVE-2026-44552

CVE-2026-44552 affects Open WebUI. Before 0.9.0, tool_servers and terminal_servers keys in Redis were unprefixed, so when multiple instances share a Redis backend they can collide, allowing an admin on one instance to poison another’s cache and have users interact with attacker-controlled tool co...

8.7CVSS5.8AI score0.00305EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:0 p.m.3 views

CVE-2026-35491

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 3:0 p.m.18 views

CVE-2026-35491 Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.clipw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS0.00156EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30863

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature webserver.api.cli pw that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config...

6.1CVSS5.9AI score0.00156EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3645

The Punnel – Landing Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.1. The saveconfig function, which handles the 'punnelsaveconfig' AJAX action, lacks any capability check currentusercan and nonce verification. This makes it...

5.3CVSS6AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.8 views

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

8.1CVSS6AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/03/03 12:0 a.m.14 views

CVE-2021-35486

CVE-2021-35486 affects Nokia IMPACT up to version 19.11.2.10-20210118042150283. The issue is a CSRF vulnerability in the /ui/rest-proxy/entity/import endpoint where neither the X-CSRF-NONCE header nor the CSRF-NONCE cookie is validated, allowing a remote attacker to import and overwrite the entir...

8.1CVSS6AI score0.00187EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.2 views

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 12:0 a.m.4 views

CVE-2021-35486

A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...

8.1CVSS6AI score0.00187EPSS
Exploits0References4
OSV
OSV
added 2026/02/19 8:27 p.m.4 views

GHSA-97RM-XJ73-33JH eBay API MCP Server Affected by Environment Variable Injection

The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...

8.3CVSS6AI score0.00361EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/20 5:21 p.m.13 views

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

Summary The commit does not actually fix the path traversal bug. path.Clean basically normalizes a path but does not prevent absolute paths in a malicious tar file. PoC This test file can demonstrate the basic idea pretty easily: go package server import "archive/tar" "bytes" "compress/gzip"...

8.7CVSS6.2AI score0.00476EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder