Lucene search
K

14970 matches found

EUVD
EUVD
added 2026/03/09 12:31 p.m.4 views

EUVD-2025-208399

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...

8.7CVSS5.7AI score0.00321EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/09 8:1 a.m.5 views

CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS5.8AI score0.00366EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.2 views

AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations

Multi-agent systems MAS powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/07 4:15 p.m.18 views

CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 4:12 p.m.2 views

CVE-2026-29194 Netmaker: Insufficient Authorization in Host Token Verification

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6CVSS5.8AI score0.00366EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 7:59 a.m.3 views

CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

8.8CVSS5.7AI score0.0043EPSS
Exploits0References1
Fedora
Fedora
added 2026/03/07 12:33 a.m.8 views

[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS5.8AI score0.00586EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/06 8:24 p.m.4 views

CVE-2026-29182

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.4 and 9.4.1-alpha.3, Parse Server's readOnlyMasterKey option allows access with master-level read privileges but is documented to deny all write operations. However, some...

8.6CVSS5.7AI score0.0038EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 1:12 p.m.9 views

Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/03/06 1:12 p.m.16 views

MAL-2026-1264 Malicious code in python-requirements (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/06 1:2 p.m.10 views

Malicious code in python-module-installer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

5.8AI score
Exploits0References5
NVD
NVD
added 2026/03/06 5:16 a.m.8 views

CVE-2026-28676

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

8.8CVSS0.0043EPSS
Exploits0References5
OSV
OSV
added 2026/03/06 4:23 a.m.3 views

CVE-2026-28676 OpenSift: Insufficient path containment checks in storage helpers could allow path traversal-style file operations

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, multiple storage helpers used path construction patterns that did not uniformly enforce base-directory containment. This created path-injection risk in file...

8.8CVSS5.7AI score0.0043EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/06 4:7 a.m.3 views

CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 4:7 a.m.7 views

CVE-2026-25877 Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the projectid parameter when handling chart-related operations update, delete, etc...

6.5CVSS5.8AI score0.00286EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

OliveTin 安全漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...

5.3CVSS7.3AI score0.00414EPSS
Exploits1References4
CNVD
CNVD
added 2026/03/06 12:0 a.m.4 views

IBM Cloud Pak System Access Control Error Vulnerability

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. An access control error vulnerability exists in IB...

4.3CVSS5.8AI score0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management—including vulnerability assessment, URL filtering, patch management, etc. Versions of...

4.3CVSS5.8AI score0.00167EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23643

Name of the Vulnerable Software and Affected Versions OpenSift versions prior to 1.6.3-alpha Description OpenSift is an AI study tool that uses semantic search and generative AI to process large datasets. Versions of OpenSift prior to 1.6.3-alpha had path-injection risks in file read, write, and...

8.8CVSS5.8AI score0.0043EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.9 views

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an enterprise-oriented integrated network protection solution developed by the Swiss company Acronis. It combines features such as backup, anti-malware, network security, and endpoint management e.g., vulnerability assessment, URL filtering, patch management, etc.. Previo...

4.3CVSS5.8AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder