Lucene search
K

296 matches found

Nuclei
Nuclei
added 16 hours ago7 views

vLLM <= 0.23.0 - Anthropic Router Heap Address Information Leak

vLLM = 0.23.0 incompletely fixes CVE-2026-22778. The original fix added sanitizemessage to the OpenAI router but the Anthropic-compatible router /v1/messages echoes strexc directly. id: CVE-2026-54236 info: name: vLLM = 0.23.0 - Anthropic Router Heap Address Information Leak author: kenlacroix...

9.8CVSS6.7AI score0.03816EPSS
Exploits1References2
CVE
CVE
added yesterday9 views

CVE-2026-15538

CVE-2026-15538 affects PrimeFaces PrimeReact up to 10.9.8. The vulnerability is in the API function ObjectUtils.mutateFieldData, where manipulation of the argument Field enables prototype attribute modification (prototype pollution). The attack is stated as remotely exploitable. The issue notes t...

6.5CVSS6.4AI score0.00256EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-43199

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15473 Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. T...

6.5CVSS0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15375 Eleveo Call Recording Software LDAP User users_ldap.jsp improper authorization

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/usersldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed ...

5.3CVSS0.00203EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2026/07/07 12:0 a.m.6 views

HPESBNW05038 rev.1 - HPE Networking Instant On Switch Remote Unauthenticated Disclosure of Cryptographic Secrets

Potential Security Impact: Local: Access Restriction Bypass SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. Aruba Instant On 1930 Switch Series - Please refer to the Vulnerability Summary for Affected Version Information Affected Products HPE Networking Instant On 1830, 1930, and...

6.5CVSS6.1AI score0.00277EPSS
Exploits0
OSV
OSV
added 2026/07/06 5:41 p.m.4 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References2
CVE
CVE
added 2026/07/06 12:0 a.m.12 views

CVE-2026-14784

CVE-2026-14784 affects vxcontrol PentAGI up to 2.1.0, involving the Docker API client (backend/pkg/docker/client.go) and a sandbox issue in an unknown function. The advisory notes a remote-initiated attack vector, with a pull request to fix this issue awaiting acceptance. There are no details in ...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 8:0 p.m.7 views

EUVD-2026-41778

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 1:16 p.m.7 views

CVE-2026-14747

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely...

7.5CVSS0.00269EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.10 views

PT-2026-55831

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /paymentdischarge.php endpoint. This occurs when the patientid variable is manipulated, allowing a remote attacker to execute unauthorized...

6.5CVSS6.8AI score0.00204EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/04 8:15 a.m.10 views

CVE-2026-14621

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...

3.1CVSS5.1AI score0.00299EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/07/03 9:0 p.m.8 views

EUVD-2026-41610

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54455

Name of the Vulnerable Software and Affected Versions Modem affected versions not specified Description Improper input validation in the modem allows for remote information disclosure. This occurs when a User Equipment UE connects to a rogue base station controlled by an attacker. The exploitatio...

5.3CVSS6.2AI score0.00174EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53277

Name of the Vulnerable Software and Affected Versions itsourcecode Hospital Management System version 1.0 Description A SQL injection issue exists in the /insertbillingrecord.php endpoint. This occurs when the patientid argument is manipulated, allowing a remote attacker to execute arbitrary SQL...

6.5CVSS6.9AI score0.002EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/19 1:52 p.m.9 views

Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server

Summary The Tilt HUD server mounts Go's net/http/pprof handlers under /debug with no access control. When the HUD is network-exposed, an attacker can read process memory — including session and apiserver tokens — and hold the process under profiling. Details A blank import of net/http/pprof...

8.3CVSS6AI score0.00384EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions Tilt versions 0.19.5 through 0.37.3 Description The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

8.3CVSS6AI score0.00384EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

Qnap QTS Incorrect Permission Assignment for Critical Resource (CVE-2025-66276)

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

9.8CVSS5.3AI score0.0029EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47344

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References3
Rows per page
Query Builder