Lucene search
+L

1612 matches found

euvd
euvd
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References6
nvd
nvd
added 2026/06/09 4:16 p.m.18 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/09 3:41 p.m.33 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/09 3:41 p.m.12 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
cve
cve
added 2026/06/09 3:41 p.m.41 views

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/06/09 4:29 a.m.67 views

wisp

Wisp — the open-source Ghost alternative, built in Elixir & Ph...

5.7AI score
Exploits0
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.15 views

wacrm 安全漏洞

WACRM is a self-hosted CRM template based on WhatsApp, developed by Arnas Donauskas. The version WACRM 73041bf previously had a security vulnerability. This vulnerability stemmed from an authorization bypass issue in the automation engine, which could allow authentication attackers to access and...

7.1CVSS5.5AI score0.00216EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.15 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

6.5CVSS5.5AI score0.00124EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33467

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.4AI score0.00124EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44560

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

6.5CVSS5.5AI score0.00366EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.14 views

CVE-2026-44679

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS5.4AI score0.00288EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41644

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

8.3CVSS5.5AI score0.00331EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.5AI score0.00347EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:15 p.m.14 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.4AI score0.00175EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.7 views

CVE-2026-40050

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...

9.8CVSS5.8AI score0.00597EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

8.1CVSS5.5AI score0.00295EPSS
Exploits1References1
nessus
nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References2
redhatcve
redhatcve
added 2026/06/02 11:53 p.m.15 views

CVE-2026-44577

A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /next/image endpoint...

7.5CVSS5.7AI score0.00705EPSS
Exploits1References4
euvd
euvd
added 2026/05/29 4:33 p.m.11 views

EUVD-2026-33360

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.0023EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/28 8:38 p.m.34 views

CVE-2026-45366 typescript-utcp: SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS0.00122EPSS
Exploits0References1
Rows per page
Query Builder