Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/29 5:7 p.m.8 views

CVE-2026-47125

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/16 10:16 p.m.7 views

CVE-2026-33472

Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causin...

4.8CVSS0.00106EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 9:25 p.m.6 views

CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...

3.6CVSS6AI score0.00302EPSS
Exploits2References5
OSV
OSV
added 2025/08/19 8:41 p.m.15 views

GHSA-35C5-67FM-CPCP WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery

Impact The WP Crontrol plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in versions 1.17.0 to 1.19.1 via the wpremoterequest function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...

5.1CVSS7AI score0.00323EPSS
Exploits0References4
Rows per page
Query Builder