Lucene search
K

60 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 9:32 p.m.19 views

CVE-2026-54514

A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS Domain Name System query. This occurs when untrusted JSON input containing specific network address information is...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:29 p.m.20 views

CVE-2026-53006

The CVE-2026-53006 entry concerns a Use-After-Free in the Linux kernel IPv6 path (icmpv6_rcv) caused by caching IPv6 saddr/daddr before pskb_pull(), since skb->head can change. The fix removes temporary variables and ensures access to &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr only ...

9.8CVSS5.7AI score0.00385EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/11 4:45 a.m.11 views

MAL-2026-5562 Malicious code in @koadz/sso (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d284d5d0421ad906d63959ed4e0f3354106166311f4066ff794669f52d1eacfb package.json declares a postinstall hook that runs dist/index.js. The compiled bundle contains an appended payload absent from the index.ts source...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:29 p.m.9 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the direct-prompt CLI. An attacker can access sensitive local...

6.9CVSS5.5AI score0.00014EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 6:16 p.m.18 views

CVE-2026-45548

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:11 p.m.13 views

EUVD-2026-32604

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 1:3 a.m.8 views

MAL-2026-4543 Malicious code in customerdigital-ui-containers-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a314a5b253dcb30b2781bda216266b7ab1b49b62eec416bd9be07b48ab46a348 On npm install, postinstall.js collects git identity, OS user/uid, hostname, internal network interface addresses, Cloudflare Pages environment...

5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/05/15 8:37 p.m.18 views

EUVD-2026-30631

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the validateurl function in backend/openwebui/retrieval/web/utils.py only validates the initial URL submitted by the caller. The HTTP clients used downstream sync requests, async...

8.5CVSS5.8AI score0.003EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/15 6:22 p.m.3 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.8AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/15 6:22 p.m.28 views

CVE-2026-34244 Weblate: SSRF via Project-Level Machinery Configuration

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS0.0024EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.4 views

CVE-2026-34362

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket function in plugin/YPTSocket/functions.php has its token timeout validation commented out, causing WebSocket tokens to never expire despite being generated with a 12-hour timeout. This allows...

5.4CVSS5.8AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.7 views

CVE-2026-30242

Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.isloopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses 10.x.x.x, 172.16.x.x...

8.5CVSS5.8AI score0.00284EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.14 views

changedetection.io 安全漏洞

Changedetection.io is a website monitoring and notification application developed by dgtlmoon. Versions of Changedetection.io prior to 0.54.1 contained security vulnerabilities. These vulnerabilities stemmed from the URL validation function, issafevalidurl, which did not validate the resolution I...

8.6CVSS5.8AI score0.00445EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/04 4:8 p.m.4 views

EUVD-2026-5439

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrslock be per port Make the addrslock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

5.3AI score0.00107EPSS
Exploits0References4
NVD
NVD
added 2026/01/16 12:16 a.m.7 views

CVE-2021-47791

SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...

7.5CVSS0.00467EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-0339

Malware in sbrugna...

9.8CVSS9.3AI score0.02032EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2017-0348

Malware in sbrugna...

8.1CVSS8AI score0.02415EPSS
Exploits0References8
CVE
CVE
added 2025/09/19 6:53 p.m.23 views

CVE-2025-26517

StorageGRID (formerly StorageGRID Webscale) is affected in versions prior to 11.8.0.15 and prior to 11.9.0.8. The vulnerability is a privilege escalation that could allow an unauthenticated? authenticated attacker to discover Grid node names and IP addresses or modify Storage Grades. Remediation:...

5.4CVSS6.6AI score0.00178EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/08/11 4:25 p.m.30 views

CVE-2025-8866

Summary: CVE-2025-8866 affects the YugabyteDB Anywhere web server, where the /metamaster/universe API endpoint does not properly enforce authentication. What’s affected: YugabyteDB Anywhere web server (specific versions not enumerated in provided documents). Root cause (as described): Authenticat...

5.1CVSS7.3AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.7 views

CVE-2024-0862

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses...

5CVSS6.7AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder