15100 matches found

Positive Technologies
added 2026/04/29 12:00 a.m. | 12 views

PT-2026-36898

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.33; n8n versions prior to 2.17.5. Description: An issue in the 'dynamic-node-parameters' endpoints allows an authenticated user with access to a shared workflow to supply a foreign credential ID in the request body...

CVSS 8.5 | AI score 5.9 | EPSS 0.0026
Exploits: 0 | References: 7

Snyk
added 2026/04/28 10:28 p.m. | 6 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00251
Exploits: 1 | References: 2

Snyk
added 2026/04/28 10:28 p.m. | 12 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00251
Exploits: 1 | References: 2

Snyk
added 2026/04/28 10:28 p.m. | 6 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.00251
Exploits: 1 | References: 2

Xen Project
added 2026/04/28 6:05 p.m. | 9 views

Multiple RBAC issues in XAPI

ISSUE DESCRIPTION: XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-release/rbac-overview.html#rbac-roles The pool-admin role is fully privileged. Notably, users with this role can als...

AI score 5.4
Exploits: 0

OSV
added 2026/04/28 5:16 p.m. | 6 views

CLSA-2026-1777396609 openssl: Fix of 3 CVEs

- CVE-2026-28388: fix NULL dereference in check_delta_base when a Delta CRL lacks the CRL Number extension - CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info when KeyEncryptionAlgorithmIdentifier has no parameters field - CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt when the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00885
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/28 12:15 p.m. | 4 views

CVE-2026-7271

A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a manipulation of the argument req.params results in path traversal. Remote...

CVSS 6.9 | AI score 5.3 | EPSS 0.00479
Exploits: 0 | References: 6

EUVD
added 2026/04/28 12:15 p.m. | 7 views

EUVD-2026-26042

A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a manipulation of the argument req.params results in path traversal. Remote...

CVSS 6.9 | AI score 5.4 | EPSS 0.00479
Exploits: 0 | References: 6

SUSE Linux
added 2026/04/28 11:53 a.m. | 4 views

Security update for dovecot22

This update for dovecot22 fixes the following issues: CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895). CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902). CVE-2026-27855: OTP drive...

CVSS 9.1 | AI score 5.3 | EPSS 0.0079
Exploits: 5 | References: 28

CNNVD
added 2026/04/28 12:00 a.m. | 11 views

Creative Ad Agent Path Traversal Vulnerability

Creative Ad Agent is an AI-based advertising creative generation tool developed by DV Personal Developer. Creative Ad Agent has a path traversal vulnerability. This vulnerability stems from the operation of the server/sdk-server.ts file in the creative-ad-agent-server component, where unknown...

CVSS 6.9 | AI score 6 | EPSS 0.00479
Exploits: 0 | References: 2

OSV
added 2026/04/27 6:33 p.m. | 11 views

JLSEC-2026-254 Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values...

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution,...

CVSS 4.3 | AI score 6.6 | EPSS 0.05966
Exploits: 0 | References: 16

OSV
added 2026/04/27 6:33 p.m. | 8 views

JLSEC-2026-241 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:...

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

CVSS 5.3 | AI score 6.4 | EPSS 0.02577
Exploits: 0 | References: 20

RedHat Linux
added 2026/04/27 3:06 p.m. | 7 views

cpython: Header injection in http.cookies.Morsel in Python

An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters...

CVSS 6 | AI score 5.3 | EPSS 0.00401
Exploits: 0 | References: 6

OSV
added 2026/04/27 1:45 p.m. | 11 views

JLSEC-2026-201

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file...

CVSS 5.5 | AI score 5.3 | EPSS 0.00382
Exploits: 1 | References: 2

Snyk
added 2026/04/27 12:14 p.m. | 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

CVSS 10 | AI score 6.6 | EPSS 0.06157
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/27 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contain...

CVSS 3.7 | AI score 5.9 | EPSS 0.00217
Exploits: 1 | References: 4

CNNVD
added 2026/04/26 12:00 a.m. | 14 views

MaxSite CMS Cross-Site Scripting Vulnerability

MaxSite CMS is an open-source website content management system developed by MaxSite in Russia. Versions of MaxSite CMS starting from 109.3 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the fushkanew/fushk parameters in the ushki Plugin component, which cou...

CVSS 4.8 | AI score 5.6 | EPSS 0.00215
Exploits: 0 | References: 2

GithubExploit
added 2026/04/25 6:06 a.m. | 120 views

Exploit for OS Command Injection in Sierrawireless Aleos

CVE-2022-46649 PoC exploit for CVE-2022-46649, a command in...

CVSS 8.8 | AI score 6 | EPSS 0.02297
Exploits: 2

Positive Technologies
added 2026/04/25 12:00 a.m. | 13 views

PT-2026-38566

Name of the Vulnerable Software and Affected Versions: ReverseProxy, affected versions not specified. Description: ReverseProxy can forward queries containing parameters that are not visible to Rewrite functions. When utilizing a Rewrite function or a Director function that parses query parameters,...

CVSS 9.8 | AI score 5.8 | EPSS 0.0039
Exploits: 0

NVD
added 2026/04/24 6:16 p.m. | 3 views

CVE-2026-42040

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00') correctly...

CVSS 3.7 | EPSS 0.00217
Exploits: 1 | References: 1