Lucene search
+L

905 matches found

OSV
OSV
added 2026/07/09 9:10 p.m.3 views

CVE-2026-55605 @arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS6AI score0.00429EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/08 10:36 p.m.7 views

CVE-2026-15123

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00202EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/07/07 1:1 p.m.7 views

New API is vulnerable to CSRF through user email binding

Summary The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-987 TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

Impact The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor: python import tensorflow as tf tf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64 This i...

5.9CVSS5.9AI score0.00411EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.3CVSS6.2AI score0.00094EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 9:49 p.m.14 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 7:31 p.m.5 views

EUVD-2026-41910

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS6AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 5:48 p.m.3 views

GHSA-JR2X-6QF6-Q5MC Open Babel has uninitialized pointer dereference in MSI atom parser

Summary A memory-safety vulnerability in Open Babel's MSI parser caused an uninitialized pointer dereference when reading a crafted input file. Details The flaw was in the atom handling of the MSI reader. A malformed record caused the parser to dereference an atom pointer that had never been...

7.8CVSS7.1AI score0.00816EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/26 11:3 p.m.14 views

EUVD-2026-36598

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwtsecretkey...

9.1CVSS5.8AI score0.00451EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/24 4:20 a.m.6 views

Critical: Red Hat Security Advisory: kpatch-patch-6_12_0-211_16_1 security update

An update for kpatch-patch-6120-211161 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6AI score0.00563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.27 views

Linux Distros Unpatched Vulnerability : CVE-2026-9595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and...

5.3CVSS6AI score0.00163EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:32 p.m.6 views

CVE-2026-4610

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
OSV
OSV
added 2026/06/19 8:47 p.m.9 views

GHSA-2288-8H3R-CQGG CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:23 p.m.24 views

CVE-2026-49345 Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery SSRF vulnerability exists in Mercator's CVE configuration panel /admin/config/parameters. The testProvider method in ConfigurationController passes...

5.3CVSS0.0054EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 7:21 p.m.20 views

CVE-2026-49344

Mercator (open source mapping app) prior to version 2025.05.19 is affected by CVE-2026-49344. The Query Engine endpoint /admin/queries/execute does not enforce an authorization gate, allowing any authenticated account (including read-only Auditor) to query models outside the intended scope (e.g.,...

7.1CVSS5.8AI score0.00281EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 4:18 p.m.4 views

CVE-2025-32436 AutoGPT has a DoS vulnerability in AddAudioToVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...

7.1CVSS5.9AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50694

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.63 Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The AddAudioToVideoBlock function downloads and stores video and audio file...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References5
CVE
CVE
added 2026/06/12 8:6 p.m.22 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 6:34 p.m.34 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

2.1CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 6:22 p.m.34 views

CVE-2026-50008

Parse Server (versions 9.8.0–before 9.9.1-alpha.3) is affected by a bypass in the routeAllowList option. The allow-list check is enforced as Express middleware against the outer HTTP request URL, but the /batch handler dispatches sub-requests to the internal router without re-running the allow-li...

6.9CVSS5.2AI score0.00342EPSS
Exploits0References2
Rows per page
Query Builder