Lucene search
+L

241 matches found

cve
cve
added yesterday9 views

CVE-2025-71388

CVE-2025-71388 affects stoatchat (delta/Revolt) versions from 20241213-1 up to before 20250210-1. The issue stems from the webhook fetch endpoint checking ViewChannel (read) instead of ManageWebhooks, allowing users with only channel read permission to retrieve the channel’s webhooks and their to...

7.6CVSS6.2AI score
Exploits0References3
cve
cve
added 2 days ago12 views

CVE-2026-56743

Cilium (versions 1.19.0–1.19.4) is affected where standard Kubernetes NetworkPolicy ipBlock rules without pod/namespace selectors, when configured with a non-default clusterName, can generate a wildcard namespace allow rule. The parser incorrectly creates a pod selector for selectorless peers, en...

5.4CVSS6.1AI score0.00158EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/09 5:35 p.m.6 views

CVE-2026-59734

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS6.2AI score0.00417EPSS
Exploits1References5Affected Software1
attackerkb
attackerkb
added 2026/07/07 3:1 a.m.7 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS6AI score0.00139EPSS
Exploits0References5Affected Software1
cve
cve
added 2026/07/06 7:41 p.m.18 views

CVE-2026-55646

CVE-2026-55646 (vLLM) affects vLLM versions 0.22.0–0.23.0. The routes /v1/audio/transcriptions and /v1/audio/translations call request.file.read() to fully materialize an uploaded audio file before enforcing the documented size limit (default 25 MB). This can cause the server to allocate memory p...

6.5CVSS6AI score0.00289EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/06 7:19 p.m.35 views

CVE-2026-58402 Hugo default code block renderer XSS via unescaped code-fence language

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.1CVSS0.00172EPSS
Exploits0References4
vulncheck_kev
vulncheck_kev
added 2026/06/26 12:0 a.m.30 views

VulnCheck KEV: CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS5.8AI score0.0056EPSS
In wildExploits2References2
cve
cve
added 2026/06/24 8:26 p.m.21 views

CVE-2026-52816

Gogs exposes an unauthenticated REST endpoint POST /-/api/sanitize_ipynb that uses bluemonday.UGCPolicy with AllowURLSchemes("data"), allowing all data: URIs (including data:text/html). This enables a registered user to craft payloads that survive sanitization and execute XSS when rendered in oth...

6.4CVSS6AI score0.00677EPSS
Exploits0References4
osv
osv
added 2026/06/24 7:24 p.m.4 views

CVE-2026-27708 FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, the Servicecustom Client API's call method accepts an orderid parameter and fetches the associated order without verifying the authenticated client owns it, potentially exposing cross-client data...

7.1CVSS5.9AI score0.00265EPSS
Exploits0References4
cve
cve
added 2026/06/24 5:42 p.m.34 views

CVE-2026-44016

Docling (Python SDK) versions 2.82.0–2.90.x are affected when the HTML backend is explicitly enabled for rendering. The Playwright-based rendering had a vulnerability that could allow JavaScript execution and unrestricted network access in the rendering context for untrusted HTML, enabling potent...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References5Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggered a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with...

6.5CVSS6AI score0.00271EPSS
Exploits1References3
nvd
nvd
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47380

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

6.3CVSS0.00197EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/22 8:53 p.m.13 views

CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS5.8AI score0.00272EPSS
Exploits0
github
github
added 2026/06/22 5:11 p.m.11 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

7.2CVSS5.8AI score0.18993EPSS
Exploits17References2Affected Software1
cve
cve
added 2026/06/17 10:8 p.m.40 views

CVE-2026-44645

CVE-2026-44645 affects LiquidJS up to version 10.25.7, where the renderLimit DoS guard can be bypassed by an empty {% for %} or {% tablerow %} body. The per-iteration time check only runs when the body contains at least one template node, so templates like {% for i in (1..N) %}{% endfor %} bypass...

6.5CVSS5.2AI score0.00317EPSS
Exploits0References3
nvd
nvd
added 2026/06/16 8:16 p.m.9 views

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

7.8CVSS0.0018EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.21 views

PT-2026-48967

Name of the Vulnerable Software and Affected Versions Kitty versions prior to 0.47.0 Description Command injection is possible within the subshell through the terminal error mechanism. A specific escape code triggers an error that is not properly escaped and is echoed back to the terminal with...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References3
nessus
nessus
added 2026/06/12 12:0 a.m.13 views

Qnap QTS Incorrect Permission Assignment for Critical Resource (CVE-2025-66276)

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

9.8CVSS5.3AI score0.0029EPSS
Exploits0References2
cve
cve
added 2026/06/10 8:19 p.m.27 views

CVE-2026-46702

Russh contains a post-decompression packet size bound vulnerability: when SSH compression is enabled, compressed payloads could inflate to oversized decompressed data, bypassing on-wire packet checks. This allowed remote DoS by sending small compressed packets that decompress beyond limits. Affec...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40590

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

4.3CVSS5.5AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder