Lucene search
K

4541 matches found

Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57575 Misskey: SSRF bypass in URL Preview

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery SSRF vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can...

6.9CVSS0.00347EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-57575

Misskey (open source federated social platform) contains a Server-Side Request Forgery (SSRF) vulnerability in the UrlPreviewService prior to version 2026.6.0. The issue arises from insufficient network restrictions before outbound requests, allowing an attacker to trigger the Misskey server to i...

6.9CVSS6.1AI score0.00347EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-56329

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

6.4CVSS0.00237EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42885

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

6.4CVSS6.1AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-56329

CVE-2026-56329 affects Capgo before 12.128.2. The issue arises from non-bijective decoding of double underscores to dots in preview hostname parsing, causing a cross-tenant preview namespace collision. Attackers can register app IDs with underscores that collide with other tenants’ dotted app IDs...

6.4CVSS6.1AI score0.00237EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

6.4CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-59833

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Tech Preview Release Of the Model Validation Operator

The Tech Preview release of the RHTAS Model Validation Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Validation Operator can be used with OpenShift Container Platform 4.16, 4.17,...

9.1CVSS6.8AI score0.00533EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: RHTAS 1.4.2 - Tech Preview Release Of the Go based Model Transparency CLI

The Tech Preview release of the Go based RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The Go based RHTAS Model Transparency CLI image can be used to sign and verify AI/M...

9.1CVSS6.8AI score0.00533EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57008

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description SiYuan uses the Lute engine to render note and package content into HTML. A flaw in the sanitization process occurs because the dangerous javascript scheme block fails to validate the form action and...

8.6CVSS6.1AI score0.00388EPSS
Exploits0References5
NVD
NVD
added last week6 views

CVE-2026-55418

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS0.00299EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-55418

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS6AI score0.00299EPSS
Exploits0References5Affected Software1
NVD
NVD
added last week8 views

CVE-2026-53730

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added last week34 views

CVE-2026-53730 DataEase: Unauthorized Access to Engine Database via previewSql Endpoint

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added last week6 views

CVE-2026-53730 DataEase: Unauthorized Access to Engine Database via previewSql Endpoint

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute...

8.7CVSS6.2AI score0.00235EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week7 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

10CVSS5.8AI score0.01011EPSS
Exploits4References9
PyPA
PyPA
added last week8 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
The Hacker News
The Hacker News
added 2026/07/07 1:27 p.m.25 views

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence AI platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand...

6.1AI score
Exploits0
Rows per page
Query Builder