Lucene search
K

11089 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

9.1CVSS5.8AI score0.00727EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38595

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.19.1 through 3.19.5 GitHub Enterprise Server versions 3.20.0 through 3.20.1 Description A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...

5.9CVSS5.8AI score0.00164EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Wallos 代码问题漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.8.1 contained code vulnerabilities. These vulnerabilities stemmed from the SSRF protection mechanism not preventing the CGNAT address range, which could allow authenticated users to...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38444

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php line 42 and endpoints/payments/add.php line 40 uses an inline IP validation check FILTER FLAG NO PRIV RANGE | FILTER FLAG NO RES RANGE that does not...

4.3CVSS5.7AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

GitPython 操作系统命令注入漏洞

GitPython is a Python library developed by gitpython-developers, used for interacting with Git repositories. Versions of GitPython from 3.1.30 to 3.1.47 contained an operating system command injection vulnerability. This vulnerability stemmed from allowing dangerous Git options without proper...

8.8CVSS6.1AI score0.00719EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

n8n-MCP 代码问题漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. There are code vulnerabilities in versions 2.47.4 to 2.47.13 of n8n-MCP. These vulnerabilities stem from the fact that the SSRFRProtection.validateUrlSync URL verifier does not check IPv6...

8.5CVSS5.9AI score0.00206EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/05/07 12:0 a.m.68 views

Ghost CMS 6.19.0 - SQLi

Exploit Title: Ghost CMS 6.19.0 - SQLi Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =3D 3.24.0, = 3.24.0, = 6.19.0 Tested on: Ghost 6.16.1 CVE : CVE-2026-26980 !/usr/bin/env python3 import requests import re import sys...

9.4CVSS6AI score0.69996EPSS
Exploits7
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

DivvyDrive 跨站请求伪造漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a cross-site request forgeing vulnerability. This vulnerability was caused by cross-site request forgeing, and it could lead to cross-site...

6.5CVSS5.7AI score0.0015EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/06 11:49 p.m.8 views

lemmy_server (>=0.11.3-rc.5 <=0.16.2-rc.1) potentially affected by unknown CVE via lemmy_api (>=0.11.3-rc.5 <=0.16.2-rc.1)

lemmyapi CARGO version =0.11.3-rc.5, =0.11.3-rc.5, =0.16.2-rc.1 Source cves: unknown CVE Source advisory: OSV:GHSA-QXRW-F6FH-34R7...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.10 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/06 9:43 p.m.9 views

a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +103 more potentially affected by CVE-2026-42557 via notebook (>=7.0.0 <=7.5.5)

notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-42557 Source advisory: OSV:GHSA-MQCG-5X36-VFCG...

9.6CVSS5.7AI score0.00386EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/06 9:20 p.m.9 views

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +23 more potentially affected by CVE-2026-43577 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-43577 Source advisory: SNYK:JS-OPENCLAW-16438147...

7.1CVSS5.7AI score0.00253EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.9 views

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8CVSS5.7AI score0.0048EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/06 8:0 p.m.7 views

io.micronaut.aot:micronaut-aot-core (=3.0.0-M2), io.micronaut.aot:micronaut-aot-std-optimizers (=3.0.0-M2) +427 more potentially affected by CVE-2026-44241 via io.micronaut:micronaut-context (>=5.0.0-M1 <=5.0.0-M24)

io.micronaut:micronaut-context MAVEN version =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M1, =5.0.0-M3 and more Source cves: CVE-2026-44241 Source advisory: SNYK:JAVA-IOMICRONAUT-16478697...

7.5CVSS5.8AI score0.00405EPSS
Exploits0
OSV
OSV
added 2026/05/06 7:54 p.m.6 views

GHSA-4RM2-28VJ-FJ39 Scramble vulnerable to remote code execution via evaluation of user-controlled input in validation rules

Impact A remote code execution RCE vulnerability affects versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

9.4CVSS6.5AI score0.0586EPSS
Exploits3References4
vulnersOsv
vulnersOsv
added 2026/05/06 7:38 p.m.7 views

ac-solver (=0.1.0), acedeploy (>=2.4.15 <=2.4.342) +764 more potentially affected by CVE-2026-44243 via gitpython (>=3.0.0 <=3.1.47)

gitpython PYPI version =3.0.0, =2.4.15, =2025.10.17, =0.4.0, =0.4.0, =0.0.5, =1.2.3, =0.4.7, =0.4.7, =0.2.0, =1.0.3, =0.1.8, =0.87.2.dev9, =0.5.0, =0.86.1 and more Source cves: CVE-2026-44243 Source advisory: SNYK:PYTHON-GITPYTHON-16438979...

8.8CVSS7.2AI score0.00419EPSS
Exploits1
OSV
OSV
added 2026/05/06 6:16 p.m.7 views

DEBIAN-CVE-2026-33079

In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS Regular Expression Denial of Service vulnerability in LINKTITLERE that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping...

8.7CVSS5.8AI score0.00481EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27801

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...

5.7AI score0.00128EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27690

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

6AI score0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 12:30 p.m.6 views

GHSA-JVV4-8WXX-M5R6 Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References4
Rows per page
Query Builder