Lucene search
K

1405 matches found

CVE
CVE
added 2026/05/05 2:15 p.m.24 views

CVE-2026-7412

CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Version 8.29.1 of Gotenberg contains a code vulnerability. This vulnerability stems from the FilterDeadline function, which returns nil unconditionally when...

7.2CVSS5.9AI score0.00236EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Eclipse BaSyx Java Server SDK 代码问题漏洞

Eclipse BaSyx Java Server SDK is an industrial digitalization development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained code vulnerabilities. These vulnerabilities stemmed from the Operation Delegation feature not verifying th...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

FacturaScripts 安全漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.92 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the nick parameter in the POST request of the EditUser...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 5:24 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/30 5:24 p.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline function. An attacker can force the application to make arbitrary outbound HTTP POST requests to internal or external destinations by supplying a crafted URL in the...

7.2CVSS6AI score0.00236EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/29 7:24 p.m.4 views

CVE-2018-25298 Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/28 10:39 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass through improper validation of the nick parameter in the user update process. An attacker can modify immutable account identifiers by intercepting and altering POST requests, potentially sabotaging audit trails,...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 12:0 a.m.16 views

CVE-2026-30350

Technical details are not publicly available in the provided documents. Monitor updates from primary sources for affected components, exact versions, and remediation guidance.

7.5CVSS5.3AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 7:17 p.m.34 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS0.00338EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:25 p.m.4 views

CVE-2026-41328

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS5.5AI score0.00338EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 11:5 a.m.4 views

CVE-2026-4313 Stored XSS in AdaptiveGRC

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

2.4CVSS5.9AI score0.0059EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 5:56 p.m.32 views

CVE-2026-40608 Next AI Draw.io: Unbounded HTTP Body — Denial of Service

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS0.00146EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.8 views

Zeon Academy Pro SQL注入漏洞

Zeon Academy Pro is an online learning and training management platform developed by the Indian company Zeon. Zeon Academy Pro has a SQL injection vulnerability. This vulnerability stems from the parameter “phonenumber” in the file /private/continue-upload.php, which allows attackers to retrieve,...

9.3CVSS5.8AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 9:31 p.m.14 views

EUVD-2026-23498

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS5.8AI score0.00285EPSS
Exploits0References4
NVD
NVD
added 2026/04/17 8:16 p.m.7 views

CVE-2026-40461

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings e.g., enabling SSH, allowing unauthorized state changes that can facilitate later compromise...

7.5CVSS0.00285EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 8:44 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview mcp-framework is a Framework for building Model Context Protocol MCP servers in Typescript Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the readRequestBody function. An attacker can exhaust system memory and cause a server...

8.7CVSS5.8AI score0.00495EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 8:44 p.m.7 views

GHSA-353C-V8X9-V7C3 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

Summary The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details File:...

8.7CVSS5.9AI score0.00495EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption,...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Schneider Electric PowerChute Serial Shutdown 安全漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. A security bypass vulnerability exists in Schneider Electric PowerChute Serial Shutdown, which stems from improper output encoding or escaping, and can...

6.9CVSS5.8AI score0.00186EPSS
Exploits0References1
Rows per page
Query Builder