Lucene search
K

19509 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44062

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware fails to enforce...

7.5CVSS5.8AI score0.00224EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Budibase 安全漏洞

Budibase is an open-source platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from the failure to...

4.2CVSS5.8AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.14 views

OSSEC HIDS 4.1.0

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

9.9CVSS5.9AI score0.00286EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.8 views

Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE

Digital forensic relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

RabbitMQ 安全漏洞

RabbitMQ is an open-source, feature-rich multi-protocol message and streaming media broker. There were security vulnerabilities in versions of RabbitMQ from 3.7.0 to 4.1.2, as well as in version 4.0.13. Attackers could exploit these vulnerabilities to execute cross-site scripting attacks...

5.6CVSS5.8AI score0.0018EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of whether the...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF route group nnef-callback was mounted, whic...

7.3CVSS5.8AI score0.00241EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

Ella Core 安全特征问题漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security feature vulnerabilities. These vulnerabilities stemmed from an unvalidated check to ensure that the UE security...

6.1CVSS5.8AI score0.00148EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

GuardDog 安全漏洞

GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Frappe HR 安全漏洞

Frappe HR is an open-source human resources management system developed by Frappe. Versions of Frappe HR prior to 16.5.0 contained security vulnerabilities. These vulnerabilities were caused by improper authorization checks, which could allow authorized employees to access the leave details of...

6.5CVSS5.8AI score0.00201EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.13 views

angr 9.2.219

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/26 9:17 p.m.8 views

EUVD-2026-32005

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 9:16 p.m.16 views

CVE-2026-44847

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

7.5CVSS0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:22 p.m.10 views

CVE-2026-42336

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 8:19 p.m.9 views

CVE-2026-42337 MaxKB: Broken Access Control in MaxKB OSS URL Fetch API

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API chat/api/oss/geturl. The endpoint uses applicationid from the URL path without validating ownership, allowing attackers to perfo...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 8:19 p.m.18 views

CVE-2026-42337

CVE-2026-42337 : MaxKB (open-source AI assistant) versions 2.8.0 and earlier are affected by a broken access control in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing operations under other a...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 8:12 p.m.13 views

EUVD-2026-31984

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 8:9 p.m.32 views

CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...

6.3CVSS0.00232EPSS
Exploits0References1
Rows per page
Query Builder