Lucene search
K

38 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'...

6AI score0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 8:59 p.m.12 views

EUVD-2026-36590

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1CVSS5.5AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 4:1 p.m.13 views

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.0018EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 11:16 p.m.13 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 10:9 p.m.10 views

EUVD-2026-28853

FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit a 500ms polling interval for memory management and...

6.3CVSS5.8AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 5:12 a.m.6 views

CVE-2026-41586

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2026/04/30 12:0 a.m.9 views

Important: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside...

7.8CVSS6.6AI score0.00502EPSS
Exploits4
OSV
OSV
added 2026/04/25 5:48 a.m.7 views

OESA-2026-2018 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

7.8CVSS6.4AI score0.00502EPSS
Exploits5References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:16 p.m.3 views

CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/03 9:16 p.m.8 views

EUVD-2026-18885

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6.1AI score0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-30237

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 2.4.16 Description A heap-based buffer overflow occurs in the CUPS scheduler when building filter option strings from job attributes. This issue is located in the get options function and may allow a remote attacker to...

7.8CVSS6.3AI score0.00502EPSS
Exploits7References60
NVD
NVD
added 2026/03/30 6:16 p.m.42 views

CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS0.38477EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/03/30 5:58 p.m.26 views

CVE-2026-33032 Nginx UI: Unauthenticated MCP Endpoint Allows Remote Nginx Takeover

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS0.38477EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-71717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nodejs - None CVE-2026-71717 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc...

5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27456

Name of the Vulnerable Software and Affected Versions LoLLMs WEBUI affected versions not specified Description LoLLMs WEBUI, the web user interface for Lord of Large Language and Multi modal Systems, contains a Server-Side Request Forgery SSRF issue. An unauthenticated attacker can exploit this t...

9.1CVSS5.9AI score0.21629EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27206

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.3 Description Blinko is an AI-powered card note-taking project. The plugin file server endpoint uses the join function to concatenate paths but does not verify if the final path is within the plugins directory,...

6.9CVSS5.2AI score0.00771EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27207

Blinko is an AI-powered card note-taking project. In versions from 1.8.3 and prior, the fileName parameter is not filtered, allowing path traversal to write files anywhere on the file system. Moreover, this interface only requires authProcedure normal user, not superAdminAuthMiddleware. At time o...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27198

Name of the Vulnerable Software and Affected Versions New API versions 0.10.0 and later Description A flaw exists in the universal secure verification flow, allowing an authenticated user with a registered passkey to bypass the WebAuthn assertion requirement. This issue affects actions protected ...

4.9CVSS5.8AI score0.00289EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/20 8:29 p.m.5 views

EUVD-2026-13793

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References1
Rows per page
Query Builder