Lucene search
K

3462 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-34049

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did not fully validate shell metacharacters, allowing a highly privileged attacker who can configur...

3.3CVSS6AI score
Exploits0References5Affected Software1
EUVD
EUVD
added yesterday7 views

EUVD-2026-24979

comm: FIFO/pipe inputs are drained before comparison data loss / hang...

4.4CVSS5.9AI score0.00134EPSS
Exploits0References5
CVE
CVE
added yesterday6 views

CVE-2026-43825

The CVE concerns Apache OpenNLP’s SvmDoccatModel (libsvm document categorization module), with impact on 3.x releases before 3.0.0-M4. The vulnerability arises in SvmDoccatModel.deserialize(InputStream), which uses java.io.ObjectInputStream.readObject() on an attacker-controlled stream without an...

7.3CVSS6.7AI score
Exploits0References2
Nuclei
Nuclei
added yesterday7 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

9.8CVSS6.7AI score0.03135EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

6.1CVSS6.6AI score0.02645EPSS
Exploits3References5
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59094 Pathway - Unauthenticated Denial of Service via Exponential Glob Pattern Matching in Document Store

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS0.0047EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago3 views

php: signed integer overflow in metaphone()

A flaw was found in PHP. The metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. When an input string is longer than 2,147,483,647 bytes, a signed integer overflow can occur, leading to undefined behavior and an...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
F5 Networks
F5 Networks
added last week4 views

K000161990: Go vulnerability CVE-2025-61723

Security Advisory Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. CVE-2025-61723 Impact An attacker may be able to cause an increase in resource utilization, which...

7.5CVSS7AI score0.00626EPSS
Exploits0Affected Software6
Cvelist
Cvelist
added last week29 views

CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 5:16 p.m.8 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

8CVSS0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53321

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper handling of untrusted remote references allows server-side request forgery SSRF, a condition where a server is coerced into making requests to an unintended destination. The SQL stateme...

9.6CVSS6.1AI score0.00118EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 4:11 p.m.33 views

CVE-2025-32394 AutoGPT: There is a DoS vulnerability in AITextSummarizerBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the...

5.3CVSS0.00247EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:9 p.m.8 views

CVE-2025-32423

AutoGPT contains a DoS vulnerability in the ExtractTextInformationBlock prior to version 0.6.32. Malicious input amplification can cause a server to consume excessive memory (e.g., 10 KB input leading to ~50 GB memory usage), exhausting resources and causing DoS. The issue is fixed in 0.6.32. Aff...

5.3CVSS5.8AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31388

golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:14 p.m.3 views

GHSA-Q4H4-GMJ2-QVW2 golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 10:12 p.m.11 views

EUVD-2026-31402

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:12 p.m.3 views

GHSA-9M57-25V3-79X9 golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-56779

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS0.00171EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 1:56 a.m.30 views

CVE-2026-8658 OS Command Injection in Rapid7 InsightConnect Tcpdump Plugin

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

6CVSS0.00833EPSS
Exploits0References1
Rows per page
Query Builder