Lucene search
K

219901 matches found

NVD
NVD
added 2026/04/30 1:16 a.m.5 views

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS0.00356EPSS
Exploits0References5
CVE
CVE
added 2026/04/30 1:0 a.m.10 views

CVE-2026-7468

The CVE covers 1024-lab smart-admin up to version 3.30.0, affecting an unknown function in /smart-admin-api/druid/index.html of the Demo Site. The issue enables improper access controls via a remote attack, with a publicly disclosed exploit and a PROOF-OF-CONCEPT status in the metrics. Affected p...

7.5CVSS6.9AI score0.00356EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/30 1:0 a.m.3 views

CVE-2026-7468 1024-lab smart-admin Demo Site index.html access control

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS6.9AI score0.00356EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.8 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from a legacy dashboard routing mechanism that bypasses project-level authorization, returning original...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. FreeBSD has security vulnerabilities; these vulnerabilities stem from incorrect packet validation, which leads to infinite recursion when parsing SCTP block parameters. This can result in stack overflows and crashes...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability related to access control. This vulnerability arises from the endpoint POST /user/invited, which does not validate any invitation tokens,...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

IBM Langflow Desktop 安全漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain security vulnerabilities. These vulnerabilities stem from indirect object references using user control keys, which may allow unauthenticated users ...

7.5CVSS5.8AI score0.0034EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

MeWare PDKS 安全漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.12 views

Important: python3.14

Issue Overview: When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters. CVE-2026-0672 The fix for CVE-2026-0672, which rejected control characters...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
Amazon
Amazon
added 2026/04/30 12:0 a.m.14 views

Important: python3.12

Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...

9.1CVSS4.7AI score0.00621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.6 views

RHEL 8 : ovn23.06 (RHSA-2026:11695)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11695 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

8.6CVSS5.5AI score0.00868EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/04/30 12:0 a.m.92 views

📄 LiteLLM 1.83.0 Insecure Direct Object Reference

LiteLLM exposes a /config/update API endpoint that allows administrators to make configuration changes to the instance. Due to a missing authorization check, low-privileged users can access this endpoint without restriction. An attacker with a low-privileged account can exploit this to exfiltrate...

8.8CVSS5.5AI score0.26409EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/30 12:0 a.m.7 views

WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability

WebPros cPanel & WHM WebHost Manager and WP2 WordPress Squared contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel...

9.8CVSS5.5AI score0.981EPSS
In wildExploits64
OSV
OSV
added 2026/04/29 11:16 p.m.7 views

DEBIAN-CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS5.6AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 10:13 p.m.3 views

EUVD-2026-26296

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

5.8CVSS5.3AI score0.00442EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/29 9:8 p.m.6 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the Limit field in the Oracle Database node when user-controlled input is passed through expressions without proper sanitization or parameterization. An attacker can execute...

9.8CVSS6.1AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2026/04/29 7:16 p.m.9 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS0.00089EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/29 6:36 p.m.5 views

CVE-2026-7423 Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-Plus-TCP

Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service device crash when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without...

6CVSS5.2AI score0.00221EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/29 6:20 p.m.115 views

watchTowr-vs-cPanel-WHM-AuthBypass-to-RCE.py

cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Ar...

9.8CVSS5.4AI score0.981EPSS
Exploits64
Rows per page
Query Builder