Lucene search
+L

15370 matches found

Nuclei
Nuclei
added 9 hours ago18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6AI score0.0306EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago89 views

VvvebJs < 1.7.5 - Arbitrary File Upload

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...

6.5CVSS6AI score0.09366EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago103 views

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.8AI score0.01754EPSS
Exploits1References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-44981

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode...

6.8CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-44977

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6.3AI score
Exploits0References1
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
OSV
OSV
added 2 days ago3 views

CVE-2026-45805 Penpot: MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask, allowing...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References6
CVE
CVE
added 2 days ago25 views

CVE-2026-45805

Penpot MCP ReplServer exposes an unauthenticated /execute endpoint and binds to 0.0.0.0 (all interfaces), enabling remote JavaScript execution on the server. The issue is implemented in mcp/packages/server/src/ReplServer.ts by listening without a host (default 0.0.0.0) and posting code to PluginB...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2 days ago3 views

CVE-2026-56352

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS0.00248EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

5.3CVSS6.2AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-15751

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS0.0014EPSS
Exploits0References6
CVE
CVE
added 3 days ago8 views

CVE-2026-15751

CVE-2026-15751 affects the mastergo-design mastergo-magic-mcp component set up to version 0.2.0. The vulnerability targets the execute function in mastergo/component-workflow.md for mcp__getComponentGenerator, where manipulation of the rootPath argument enables path traversal. Exploitation is loc...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS0.0014EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

4.8CVSS5.8AI score0.0014EPSS
Exploits0References8
OSV
OSV
added 3 days ago3 views

CVE-2026-15749 mastergo-design mastergo-magic-mcp mcp__C2d get-c2d.ts execute path traversal

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

4.8CVSS5.9AI score0.0014EPSS
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-53633

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp API that forwarded raw Chrome DevTools Protocol methods without being gated by allowWrite or allowExec, allowing a remote client with exposed browser API metadata to u...

9.8CVSS0.00585EPSS
Exploits0References10
NVD
NVD
added 3 days ago6 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-50426

Relative path traversal in DNS Server allows an authorized attacker to execute code over an adjacent network...

6.8CVSS0.00367EPSS
Exploits0References1
CVE
CVE
added 3 days ago36 views

CVE-2026-54999

The CVE-2026-54999 entry concerns a race condition in Windows TCP/IP where concurrent access to a shared resource allows an unauthorized attacker on an adjacent network to execute code. Documented impact is remote code execution with high severity (CVSSv3.1: AV=A, AC=L, PR=N, UI=N, S=U, C=H, I=H,...

8.8CVSS6.3AI score0.00298EPSS
Exploits0References1
Rows per page
Query Builder