Lucene search
K

2980 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.7.2 Description The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

9.1CVSS5.2AI score0.00297EPSS
Exploits0References8
NVD
NVD
added 2026/06/16 3:16 p.m.14 views

CVE-2025-11694

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/16 1:39 p.m.6 views

CVE-2025-11694 Rockwell Automation CompactLogix 5370 Controllers – Multiple Vulnerabilities

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in...

8.7CVSS5.3AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 11:48 a.m.5 views

BIT-MONGODB-2026-9735 Keyfile contents are in MongoDB Server logs

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS5.4AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:17 p.m.9 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 a.m.15 views

CVE-2026-8386

The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing unauthenticated users to retrieve marker records that an administrator has not yet approved for public display, including any PII placed in the address...

5.3CVSS0.00225EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 3:45 a.m.8 views

CVE-2026-12216 svaarala duktape duk_api_bytecode.c memory corruption

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS5.5AI score0.00112EPSS
Exploits0References5
CVE
CVE
added 2026/06/13 5:36 p.m.45 views

CVE-2026-12183

CVE-2026-12183 affects Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1–2.10.2 on Linux. The vulnerability is an improper authentication (CWE-287) in the system configuration module: the /php/ajax-login.php endpoint can return userid=1 (administrator) for any HTTP POST w...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References4
NVD
NVD
added 2026/06/13 7:16 a.m.16 views

CVE-2026-9109

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS0.00316EPSS
Exploits0References12
EUVD
EUVD
added 2026/06/13 5:32 a.m.14 views

EUVD-2026-36642

The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API Translation Storage in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping...

7.2CVSS5.6AI score0.00316EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 8:16 p.m.15 views

CVE-2026-42604

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

9.1CVSS0.004EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:24 p.m.14 views

CVE-2026-50099

CVE-2026-50099 affects Naxclow IoT platform firmware. During WiFi association, the device prints host network SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. UART pads are labeled, run with default serial settings, and drop to an interactive RT-T...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:24 p.m.34 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:17 p.m.30 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:11 p.m.9 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.2AI score0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 a.m.18 views

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS0.00313EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/11 5:43 p.m.74 views

Systems-and-Cyber-Security-Coursework

CSI6SCS2526 — Systems and Cyber Security Coursework Gr...

9.8CVSS8.7AI score0.9923EPSS
Exploits58
Github Security Blog
Github Security Blog
added 2026/06/11 1:28 p.m.13 views

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2026/06/11 11:31 a.m.26 views

VRChat says reported data breach never happened

A data breach notice has been filed with the Maine Attorney General, saying more than 2.4 million users of VRChat have had their data breached. The question is, was it VRChat who filed the breach notice, or did someone pretending to represent the company post it instead? On Reddit, a VRChat...

5.4AI score
Exploits0
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.13 views

Cerebrate 信息泄露漏洞

Cerebrate is an open-source platform developed by Cerebrate. It aims to act as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there was a vulnerability involving information leakage, which stemmed from exposing...

5.1CVSS5.3AI score0.00242EPSS
Exploits0References1
Rows per page
Query Builder