Lucene search
+L

33980 matches found

nuclei
nuclei
added 6 hours ago68 views

Dify v1.6.0 - Server-Side Request Forgery

Dify v1.6.0 contains a server side request forgery caused by improper validation in controllers.console.remotefiles.RemoteFileUploadApi, letting attackers make arbitrary requests from the server, exploit requires network access. id: CVE-2025-56520 info: name: Dify v1.6.0 - Server-Side Request...

5.3CVSS6.2AI score0.00649EPSS
Exploits1References2
nuclei
nuclei
added 6 hours ago121 views

Fastjson Insecure Deserialization - Remote Code Execution

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi-// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

10CVSS7.4AI score0.3897EPSS
Exploits2References6
nuclei
nuclei
added 6 hours ago31 views

webp_server_go 0.4.0 - Path Traversal

webpservergo 0.4.0 contains a path traversal caused by insufficient sanitization in file handling, letting attackers read arbitrary files on the server, exploit requires attacker to send crafted requests. id: CVE-2021-46104 info: name: webpservergo 0.4.0 - Path Traversal author: pikpikcu severity...

7.5CVSS7AI score0.04231EPSS
Exploits1References1
nuclei
nuclei
added 6 hours ago65 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.1AI score0.0219EPSS
Exploits0References2
nuclei
nuclei
added 6 hours ago9 views

LobeHub LobeChat <= 2.1.56 - Server-Side Request Forgery

LobeHub LobeChat versions up to and including 2.1.56 are vulnerable to an unauthenticated server-side request forgery vulnerability in the /webapi/proxy endpoint. The endpoint accepts a URL in the POST request body and fetches it server-side without authentication. id: CVE-2026-54157 info: name:...

9CVSS6.1AI score0.0178EPSS
Exploits0References2
nuclei
nuclei
added 6 hours ago33 views

Journyx - XML External Entities Injection (XXE)

The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. id: CVE-2024-6893 info: name: Journyx - XML...

7.5CVSS7AI score0.32916EPSS
Exploits3
nuclei
nuclei
added 6 hours ago82 views

DATAGERRY - REST API Auth Bypass

Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. id: CVE-2024-46627 info: name: DATAGERRY - REST API Auth Bypass author: gy741 severity: critical description: | Incorrect access control in BECN DATAGERRY v2.2 allows attackers...

9.1CVSS6.3AI score0.04099EPSS
Exploits0References5
nuclei
nuclei
added 6 hours ago46 views

LoLLMS WebUI - Subfolder Prediction via Path Traversal

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'addreferencetolocalmode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. id: CVE-2024-4841 info: name: LoLLMS WebUI - Subfolder Prediction via Path...

4CVSS6.1AI score0.00674EPSS
Exploits1
nuclei
nuclei
added 6 hours ago34 views

ChanCMS <= 3.3.0 - Server-Side Request Forgery

yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the "taskUrl" argument in /cms/collect/getArticle, letting remote attackers make arbitrary requests, exploit requires no special privileges. id: CVE-2025-10211 info: name: ChanCMS = 3.3.0 - Server-Side...

6.5CVSS6.7AI score0.00649EPSS
Exploits0References2
nuclei
nuclei
added 6 hours ago35 views

St. Joe ERP system - SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

9.8CVSS6.3AI score0.02899EPSS
Exploits1References2
nvd
nvd
added 7 hours ago6 views

CVE-2026-15005

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS
Exploits0References10
euvd
euvd
added 14 hours ago5 views

EUVD-2026-44858

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS6.1AI score
Exploits0References6
nvd
nvd
added yesterday6 views

CVE-2026-53446

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl private-network checks from...

6.2CVSS0.00018EPSS
Exploits0References3
cvelist
cvelist
added yesterday24 views

CVE-2026-53446 Wekan: Server-Side Request Forgery (SSRF) via webhook integration URLs

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl private-network checks from...

6.2CVSS0.00018EPSS
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-59258

immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions. Attackers with editor access can demote the album owner to editor and promote themselves to owne...

8.3CVSS
Exploits0References5
nvd
nvd
added yesterday5 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS0.00029EPSS
Exploits0References3
nvd
nvd
added yesterday6 views

CVE-2026-53517

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS0.00029EPSS
Exploits0References3
euvd
euvd
added yesterday4 views

EUVD-2026-44745

Better Auth is an authentication and authorization library for TypeScript. From 1.4.8-beta.7 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint on the refreshtoken grant performs a non-atomic read, validate, revoke, and mint sequence on the oauthRefreshToken row, allowing...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
cve
cve
added yesterday20 views

CVE-2026-20296

The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...

8.3CVSS6.2AI score
Exploits0References1
cve
cve
added yesterday12 views

CVE-2026-53518

CVE-2026-53518 affects the Better Auth ecosystem, specifically the @better-auth/oauth-provider token endpoint for the authorization_code grant (and legacy paths via oidc-provider/mcp plugins). A race condition arises from a non-atomic find-then-delete when redeeming a single-use authorization cod...

7.6CVSS6.2AI score0.00029EPSS
Exploits0References3
Rows per page
Query Builder