Lucene search
+L

9477 matches found

nuclei
nuclei
added 10 hours ago34 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS6.8AI score0.00911EPSS
Exploits1References3
nuclei
nuclei
added 10 hours ago149 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.4AI score0.02886EPSS
Exploits1References5
nvd
nvd
added yesterday5 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00012EPSS
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44749

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00012EPSS
Exploits0References1
attackerkb
attackerkb
added yesterday3 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS6.1AI score0.00012EPSS
Exploits0References2
cve
cve
added yesterday4 views

CVE-2026-50562

CVE-2026-50562 describes a supply-chain risk in FastGPT where, at commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted PR code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged workflo...

9.3CVSS6.1AI score0.00012EPSS
Exploits0References1
cvelist
cvelist
added yesterday26 views

CVE-2026-50562 FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00012EPSS
Exploits0References1
nvd
nvd
added 2 days ago4 views

CVE-2026-59891

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 0.7.1, getRegistryCredentials reads credentials from the Docker config file and selects an entry by checking whether any configured auth key contains the target registry string. Because this is a substring...

9.6CVSS0.00321EPSS
Exploits0References3
cve
cve
added 2 days ago4 views

CVE-2026-59891

The CVE-2026-59891 entry concerns sigstore-js prior to 0.7.1. getRegistryCredentials() reads Docker config credentials and selects an entry by substring match of the target registry, which can cause credentials for one registry to be sent to a different registry whose hostname has a matching subs...

9.6CVSS6.1AI score0.00321EPSS
Exploits0References3
nvd
nvd
added 2 days ago5 views

CVE-2026-11403

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm NuGet API Key, Docker Bearer Token, or npm Bearer Token must be enabled an...

8.7CVSS0.00349EPSS
Exploits0References2
nvd
nvd
added 4 days ago14 views

CVE-2026-56259

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS0.00254EPSS
Exploits0References2
nvd
nvd
added 4 days ago6 views

CVE-2026-56260

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
euvd
euvd
added 4 days ago11 views

EUVD-2026-43227

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3
cve
cve
added 4 days ago18 views

CVE-2026-56260

CVE-2026-56260 affects Crawl4AI

9.1CVSS6.2AI score0.00421EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 4 days ago27 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
osv
osv
added 4 days ago4 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

8.8CVSS6.2AI score0.00421EPSS
Exploits0References5
osv
osv
added 4 days ago3 views

CVE-2026-56259 Crawl4AI - LLM Credential Exfiltration via base_url and Environment Variable Resolution

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score0.00254EPSS
Exploits0References4
cve
cve
added 4 days ago16 views

CVE-2026-56259

CVE-2026-56259 affects Crawl4AI prior to 0.8.8. A credential-exfiltration vulnerability exists in the Docker API server that lets an attacker redirect LLM API calls to attacker-controlled endpoints and read environment variables. By targeting unauthenticated endpoints /md, /llm, and /llm/job and ...

8.8CVSS6.2AI score0.00254EPSS
Exploits0References2Affected Software1
euvd
euvd
added 4 days ago6 views

EUVD-2026-43226

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score0.00254EPSS
Exploits0References2
ptsecurity
ptsecurity
added 4 days ago9 views

PT-2026-57551

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description An arbitrary file write issue exists in the Docker API server. The '/screenshot' and '/pdf' endpoints do not validate the output path parameter, which allows an attacker to use absolute paths or...

9.1CVSS6.2AI score0.00421EPSS
Exploits0References8
Rows per page
Query Builder