Lucene search
+L

5540 matches found

CVE
CVE
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57287

Affected product: Jenkins Job Configuration History Plugin. Vulnerable component: historical job/agent configuration display. Root cause: plugin versions 1356.ve360da_6c523a_ and earlier fail to redact encrypted secret values when shown in history, enabling disclosure to users with Extended Read....

4.3CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

4.3CVSS5.8AI score0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:17 a.m.15 views

CVE-2026-11968

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

5.5CVSS0.00124EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:33 a.m.38 views

CVE-2026-11968 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

5.5CVSS0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 9:33 a.m.12 views

EUVD-2026-38733

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 9:33 a.m.2 views

CVE-2026-11968 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit

Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51757

Name of the Vulnerable Software and Affected Versions TortoiseGit affected versions not specified Description Argument injection is possible in TortoiseGitBlame through the use of malicious git history filenames. This flaw allows for arbitrary file write operations within TortoiseGit...

5.5CVSS5.9AI score0.00124EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 6:18 p.m.19 views

CVE-2026-54015

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...

6.4CVSS0.00169EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:44 p.m.44 views

CVE-2026-54015 Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...

6.4CVSS0.00169EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:44 p.m.20 views

CVE-2026-54015

Open WebUI vulnerability CVE-2026-54015 : Before 0.9.6, the prompt history IDOR flaw allows cross-prompt access via /api/v1/prompts/id/{prompt_id}/history/diff, /update/version, and /history/{history_id}. Although the URL is bound to a prompt, the server fetches history entries globally by ID wit...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 4:44 p.m.2 views

CVE-2026-54015 Open WebUI: Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that...

6.4CVSS6AI score0.00169EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 4:11 p.m.9 views

MAL-2026-6317 Malicious code in ts-bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e591f0b407bc22e3abe20da9207df2d2922f75d98ab97aaa62557ca88b8fc349 [email protected] is a credential harvester disguised as a TypeScript/lint utility. index.js defines decodeStr which base64-decodes all operationally...

5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:16 p.m.8 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8451-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8451-1 advisory. Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References6
OSV
OSV
added 2026/06/19 7:36 p.m.10 views

GHSA-436Q-JWFR-RM2H jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

Summary jupyterlab-git 0.53.0 latest, 2026-04-30 uses fnmatch.fnmatchcase in GitHandler.prepare jupyterlabgit/handlers.py:91 to enforce the admin-configured excludedpaths security control. Because fnmatchcase is unconditionally case-sensitive, an authenticated user on a case-insensitive filesyste...

7.1CVSS6AI score0.00301EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 7:36 p.m.9 views

GHSA-F962-V9HR-PFG5 jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

8.6CVSS6.7AI score0.00298EPSS
Exploits2References2
NVD
NVD
added 2026/06/19 2:16 p.m.16 views

CVE-2026-49357

Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode t...

8.8CVSS0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:11 p.m.33 views

CVE-2026-49357 Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode t...

8.8CVSS0.00323EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:11 p.m.22 views

CVE-2026-49357

CVE-2026-49357 affects line-desktop-mcp (LINE Desktop MCP). In --http-mode, the MCP server binds to 0.0.0.0 and exposes the /mcp endpoint without MCP authentication, enabling any network client on the port to initialize a session, list tools, and call tools that read LINE Desktop chat history or ...

8.8CVSS5.9AI score0.00323EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:59 a.m.13 views

Malicious code in eslint-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5802f88a31cfb1c54196395aa04377de1c98657cdd78f59e4a595f2913239301 Package masquerades as an ESLint utility but contains no lint-related code. The exported fromstr recursively walks process.cwd searching for...

5.9AI score
Exploits0References3
Rows per page
Query Builder