Lucene search
+L

1618 matches found

NVD
NVD
added 2026/06/24 1:16 p.m.13 views

CVE-2026-56270

Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...

8.7CVSS0.00383EPSS
Exploits1References2
Drupal
Drupal
added 2026/06/24 12:0 a.m.7 views

Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058

This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.4 views

PT-2026-52171

Name of the Vulnerable Software and Affected Versions Drupal Commerce Realex / Global Payments versions 0.0.0 through 3.0.2 Description An incorrect authorization issue allows forceful browsing when the gateway is configured with the redirect payment method. The module fails to sufficiently verif...

6.1AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 6:18 p.m.12 views

CVE-2026-54021

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, several direct, index-addressed Ollama proxy routes accept a caller-supplied urlidx path parameter and use it as a raw index into the admin-configured OLLAMABASEURLS list. Access...

6.3CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.11 views

CVE-2026-54022

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS0.00268EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 6:18 p.m.17 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS0.002EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:47 p.m.6 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

8.7CVSS6AI score0.002EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 6:51 a.m.38 views

CVE-2026-6798 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00299EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/19 6:51 a.m.13 views

EUVD-2026-37996

The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
CVE
CVE
added 2026/06/19 6:51 a.m.21 views

CVE-2026-6798

The CVE-2026-6798 entry concerns the WordPress plugin “2Download Connector for 2DL Hosted Checkout.” According to connected sources, all versions up to and including 0.1.5 are vulnerable to unauthorized access due to insufficient authorization checks, enabling unauthenticated attackers to view se...

5.3CVSS6AI score0.00299EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/06/18 5:37 p.m.8 views

WordPress 2Download Connector for 2DL Hosted Checkout plugin <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure vulnerability discovered by Mohamed Haidar in WordPress Plugin 2Download Connector for 2DL Hosted Checkout versions = 0.1.5...

5.3CVSS5.3AI score0.00299EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 9:3 p.m.11 views

EUVD-2026-36595

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:0 p.m.9 views

EUVD-2026-36591

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/06/12 9:50 a.m.14 views

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent...

7.8CVSS7.9AI score0.05219EPSS
Exploits2
NVD
NVD
added 2026/06/12 5:16 a.m.11 views

CVE-2026-45169

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS0.0035EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/12 4:32 a.m.12 views

EUVD-2026-36385

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS5.5AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 4:32 a.m.34 views

CVE-2026-45169

Idira Privileged Access Manager (PAM) Self-Hosted Vault is affected in versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. The issue is a validation vulnerability where processing unexpected input under certain configurations can cause an unexpected service termination, leading to a localized D...

8.7CVSS5.5AI score0.0035EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 4:32 a.m.10 views

CVE-2026-45169 Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS5.2AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48829

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS5.2AI score0.0035EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.28 views

PT-2026-49001

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions prior to 2.0.13 Description The dashboard's NoRoute handler contains a flaw in the fallbackToFrontend function. The system uses strings.HasPrefix to identify admin-frontend asset requests by checking if a URL starts...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References9
Rows per page
Query Builder