Lucene search
K

262 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 2:59 a.m.9 views

CVE-2024-36323

Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data...

8.8CVSS5.9AI score0.00096EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/14 6:14 p.m.17 views

Improper Authentication

Juju is vulnerable to Improper Authentication. The vulnerability is due to improper TLS client and server certificate validation in the internal Dqlite database cluster, which allows an unauthenticated attacker to join the cluster and gain full read and write access to the database...

10CVSS5.8AI score0.00381EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.73 views

ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents

Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...

6.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/12 10:29 p.m.6 views

CVE-2026-8108

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 12:42 p.m.32 views

CVE-2026-43912

A flaw was found in Vaultwarden, a Bitwarden-compatible server. A remote attacker with administrative privileges in one organization and low-privileged membership in another could exploit improper enforcement of organization consistency in group management endpoints. This allows the attacker to...

8.7CVSS5.8AI score0.00289EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Fuji Electric Fuji Tellus 安全漏洞

Fuji Electric Fuji Tellus is an interface and control platform for industrial automation and equipment monitoring developed by Fuji Electric in Japan. There is a security vulnerability in Fuji Electric Fuji Tellus, which stems from adding drivers to the kernel during the installation process,...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:56 p.m.8 views

CVE-2026-43912 Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groupsusers.usersorganizationsuuid entry belongs to the same organization as groups.groupsuuid, or a collectionsgroups.collectionsuuid entry belongs to the same organization as...

8.7CVSS5.9AI score0.00289EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-39278

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description In the self-hosted artificial intelligence platform Open WebUI, the is user channel member function fails to verify the is active field when checking channel membership. When a user is removed fro...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the fact that the Account REST API is only partially disabled. Five endpoints remain fully functional, and there is no gatekeeper for...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/16 8:53 p.m.5 views

CVE-2026-40900

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validation that the input is a single SELECT statement...

8.7CVSS6.1AI score0.00342EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/14 3:39 p.m.29 views

CVE-2025-61624

An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.7.0, FortiPAM 1.6 all versions,...

6CVSS0.00498EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/11 1:21 a.m.9 views

CVE-2026-39429

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

9.1CVSS5.8AI score0.00436EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/08 8:16 p.m.18 views

CVE-2026-39429 kcp's cache server is accessible without authentication or authorization checks

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and has no authentication or authorization in place. This allows anyone who can access the root shard...

8.2CVSS0.00436EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/01 8:9 a.m.2 views

CVE-2026-4370 Improper TLS Client/Server authentication and certificate verification on Database Cluster

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

10CVSS5.9AI score0.00381EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/01 6:31 a.m.6 views

EUVD-2025-209160

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

9.1CVSS5.9AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 6:0 a.m.4 views

CVE-2025-15484

The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers...

9.1CVSS5.9AI score0.00237EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 2:22 p.m.5 views

GHSA-RCP6-88MM-9VGF Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

If an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 9:16 p.m.8 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

4.4CVSS0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 8:16 p.m.4 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/11 1:19 p.m.7 views

CVE-2025-41710

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges...

6.5CVSS5.8AI score0.00387EPSS
Exploits0References1
Rows per page
Query Builder