Lucene search
K

252948 matches found

OSV
OSV
added 2026/05/14 2:57 p.m.4 views

GHSA-M99R-2HXC-CP3Q Flowise has an MCP Security Bypass that Enables RCE

Summary There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods Details 【Vulnerability one】The Docker build subcommand not being on the blocklist leads to remote code execution The attack...

8.7CVSS6.7AI score
Exploits0References3
Patchstack
Patchstack
added 2026/05/14 2:57 p.m.23 views

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise-components versions = 3.1.1...

5.8AI score
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/14 2:51 p.m.13 views

CVE-2026-44482

CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 2:51 p.m.51 views

CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:51 p.m.8 views

CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 2:30 p.m.17 views

CVE-2026-41937

Summary: CVE-2026-41937 affects Vvveb prior to 1.0.8.3. An unrestricted file upload in the plugin upload endpoint lets super_admin users craft a ZIP (plugin.php with a valid Slug header and public/index.php) that executes arbitrary PHP code as the web server user when accessed at the plugin’s pub...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 2:30 p.m.39 views

CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS0.00403EPSS
Exploits0References3
Microsoft Secure
Microsoft Secure
added 2026/05/14 2:20 p.m.10 views

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

6.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 2:20 p.m.14 views

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

6.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/14 2:7 p.m.128 views

FortiGate-FortiWeb-Multi-Exploit-Extractor

FortiGate-FortiWeb-Multi-Exploit-Extractor markdown Fort...

9.8CVSS7.3AI score0.99999EPSS
Exploits61
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:48 p.m.14 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

7.8CVSS7.6AI score0.00315EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.10 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 1:18 p.m.5 views

GHSA-Q58J-G3F4-H26H CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 1:9 p.m.11 views

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 1:9 p.m.6 views

GHSA-WMMV-VVG5-993Q Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/14 12:37 p.m.120 views

Exploit for CVE-2026-42945

NGINX Rift RCE Exploit CVE-2026-42945 A professional Proof-...

9.2CVSS6.2AI score0.61469EPSS
Exploits40
RedHat Linux
RedHat Linux
added 2026/05/14 12:9 p.m.7 views

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD Photoshop Document file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

7.8CVSS7.4AI score0.00755EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 12:9 p.m.12 views

Important: Red Hat Security Advisory: gimp:2.8 security update

An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.4AI score0.00755EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/14 12:9 p.m.9 views

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP PaintShop Pro file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

7.8CVSS7.7AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 12:9 p.m.13 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM X PixMap image file. This can lead to an an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

7.8CVSS7.5AI score0.00596EPSS
Exploits0References6
Rows per page
Query Builder