15110 matches found

Github Security Blog
added 2026/04/29 9:22 p.m. | 18 views

n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

Impact: The dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and u...

CVSS 7.5 | AI score 5.7 | EPSS 0.0026
Exploits: 0 | References: 3 | Affected Software: 1

Malwarebytes
added 2026/04/29 8:58 p.m. | 6 views

Researchers built a chatbot that only knows the world before 1931

The internet's chatbots have read every forum rant, leaked Slack log, and confident blog post your uncle ever wrote about chemtrails. The results are predictable: they reflect the state of the internet, and it isn't pretty. That, along with some questionable design decisions, is partly why Elon...

AI score 5.2
Exploits: 0

NVD
added 2026/04/29 8:16 p.m. | 4 views

CVE-2026-7401

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument studentid/fullname/section/username results ...

CVSS 5.3 | EPSS 0.0032
Exploits: 0 | References: 5

NVD
added 2026/04/29 8:16 p.m. | 11 views

CVE-2026-34965

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVSS 8.8 | EPSS 0.00825
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/29 7:50 p.m. | 4 views

CVE-2026-34965 Cockpit CMS Authenticated Remote Code Execution via Collections

Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/savecollection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP...

CVSS 8.8 | AI score 6.5 | EPSS 0.00825
Exploits: 0 | References: 4

Cvelist
added 2026/04/29 7:24 p.m. | 29 views

CVE-2018-25308 BuddyPress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

CVSS 8.8 | EPSS 0.00741
Exploits: 0 | References: 3

EUVD
added 2026/04/29 7:24 p.m. | 3 views

EUVD-2018-21829

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

CVSS 8.8 | AI score 6.5 | EPSS 0.00741
Exploits: 0 | References: 3

CVE
added 2026/04/29 7:24 p.m. | 7 views

CVE-2018-25308

Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...

CVSS 8.8 | AI score 6.5 | EPSS 0.00741
Exploits: 0 | References: 3

RedHat Linux
added 2026/04/29 2:31 p.m. | 9 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 6.7 | EPSS 0.01945
Exploits: 0 | References: 8

NVD
added 2026/04/29 9:16 a.m. | 8 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

CVSS 8.8 | EPSS 0.00482
Exploits: 0 | References: 1

NVD
added 2026/04/29 9:16 a.m. | 12 views

CVE-2026-42515

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating a parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

CVSS 7.1 | EPSS 0.00226
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/29 8:30 a.m. | 4 views

CVE-2026-42517

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVSS 7.1 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 2

EUVD
added 2026/04/29 8:30 a.m. | 7 views

EUVD-2026-26203

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVSS 7.1 | AI score 5.2 | EPSS 0.00226
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/29 8:30 a.m. | 6 views

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

CVSS 7.1 | AI score 5.2 | EPSS 0.00226
Exploits: 0 | References: 1

EUVD
added 2026/04/29 8:26 a.m. | 6 views

EUVD-2026-26201

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

CVSS 7.1 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 1

Cvelist
added 2026/04/29 8:26 a.m. | 31 views

CVE-2026-42516 Broken Access Control Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

CVSS 7.1 | EPSS 0.00226
Exploits: 0 | References: 1

CVE
added 2026/04/29 8:26 a.m. | 9 views

CVE-2026-42516

The CVE-2026-42516 entry concerns e-Sushrut HMIS with improper authorization checks during resource access. An authenticated attacker could exploit encoded parameters in the request URL to gain unauthorized access to patient accounts. The connected records confirm the vulnerability is a Broken Ac...

CVSS 7.1 | AI score 5.4 | EPSS 0.00226
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/29 8:26 a.m. | 3 views

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

CVSS 7.1 | AI score 5.4 | EPSS 0.00226
Exploits: 0 | References: 2

CVE
added 2026/04/29 8:22 a.m. | 11 views

CVE-2026-42515

CVE-2026-42515 is an IDOR vulnerability in the e-Sushrut HMIS. Improper access control in resource access validation allows an authenticated attacker to manipulate a URL parameter in the API request to gain unauthorized access to patients’ sensitive information. The CVSS 4.0 base score is 7.1 (HI...

CVSS 7.1 | AI score 5.3 | EPSS 0.00226
Exploits: 0 | References: 1

EUVD
added 2026/04/29 8:13 a.m. | 6 views

EUVD-2026-26196

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

CVSS 8.8 | AI score 5.5 | EPSS 0.00482
Exploits: 0 | References: 1