Lucene search
K

18052 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42128

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42126

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...

9.8CVSS6AI score0.00498EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42158

An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...

7.5CVSS6AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-59708

Ghostfolio suffers an unauthorized data exposure via GET /api/v1/public/:accessId/portfolio. The endpoint accepts private access IDs without granteeUserId filtering, enabling unauthenticated retrieval of full portfolio data (holdings, quantities, buy prices, performance metrics). Impact is confid...

8.7CVSS6AI score0.00343EPSS
Exploits0References4
Nuclei
Nuclei
added 5 days ago59 views

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8CVSS7.4AI score0.77653EPSS
Exploits0References3
The Hacker News
The Hacker News
added 5 days ago23 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
AlpineLinux
AlpineLinux
added 5 days ago3 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS5.9AI score0.00375EPSS
Exploits0
CVE
CVE
added 5 days ago11 views

CVE-2026-48588

CVE-2026-48588 affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. The issue arises in UpdateCacheMiddleware and the cache_page() decorator, which cache responses that vary on cookies when unrelated cookies are present, allowing remote attackers to read private data from the shared cache. Earl...

5.3CVSS6AI score0.00375EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

5.3CVSS6AI score0.00375EPSS
Exploits0
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42043

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS6AI score0.00375EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-48588 Potential exposure of private data via cached Set-Cookie response

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. UpdateCacheMiddleware and the cachepage decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier,...

3.1CVSS0.00375EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-9545

A flaw was found in libcurl. An attacker can exploit this by replacing a legitimate HTTP/3 server with an impostor machine. When libcurl attempts a second transfer to the same site with a cached SSL session and early data enabled, it may send sensitive request data before verifying the server's...

7.5CVSS5.6AI score0.00408EPSS
Exploits1References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-24971

mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References5
CVE
CVE
added 6 days ago11 views

CVE-2026-14898

The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...

6.5CVSS6.1AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41860

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-12686

CVE-2026-12686 affects Adiss’s Biloop: an authenticated user can manipulate a company ID in a POST to the backend, bypassing cross-tenant authorization and gaining access to other companies’ data (including billing) and potentially modifying third-party data. Root cause is inadequate verification...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-14808

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password...

9.8CVSS0.00507EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41850

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

7.5CVSS6AI score0.00396EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41849

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References1
Rows per page
Query Builder