Lucene search
+L

159 matches found

CVE
CVE
added 1 hour ago7 views

CVE-2026-21761

HCL DevOps Loop is affected by a Cross-Origin Resource Sharing CORS misconfiguration. Improper CORS configuration may allow unauthorized cross-origin requests, potentially exposing application resources to untrusted domains...

4.2CVSS5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago5 views

CVE-2026-59835

A exposure of resource to wrong sphere vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.3 through 4.4.8 may allow an unauthenticated attacker to access the VNC server of VMs performing scanning via network requests...

8.6CVSS6.1AI score0.00421EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14611

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS0.00253EPSS
Exploits0References8
CVE
CVE
added 2026/07/03 9:0 p.m.20 views

CVE-2026-14611

DeepMyst Mysti (up to 0.4.0) is affected by a vulnerability in MemoryManager.ts initProjectMemory where manipulating workspacePath can cause resource exposure. The issue is exploitable remotely and is fixed by upgrading to version 0.4.0; the patch is identified as 6d709229b5199f6769fb3cf763e5122d...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55651

Name of the Vulnerable Software and Affected Versions DeepMyst Mysti versions prior to 0.4.0 Description Remote manipulation of the workspacePath argument within the initProjectMemory function, located in the src/managers/MemoryManager.ts file of the Per-Project Auto-Memory Handler component, can...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References13
Veracode
Veracode
added 2026/06/23 8:8 a.m.12 views

Improper Access Control

LangGraph Python SDK is vulnerable to Improper Access Control. The vulnerability is due to unsafe URL path construction using unsanitized user-supplied identifiers, where special characters in identifier values can alter the intended request path and target unintended resources, allowing attacker...

9.1CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:24 p.m.12 views

CVE-2026-48108 Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/10 8:24 p.m.8 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48546

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0-beta.1 through 0.60.0 Description russh did not strictly enforce SSH identification-string rules. The server-side identification reader used a permissive path that allowed clients to send pre-banner lines and did not...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References5
NVD
NVD
added 2026/04/10 8:16 p.m.6 views

CVE-2026-40168

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a...

8.2CVSS0.00371EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/09 5:32 p.m.3 views

Exposure of Resource to Wrong Sphere

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the handling of shared reply MEDIA references, where paths are treated as trusted. An attacker can cause unauthorized access to local files by...

5.9CVSS5.8AI score0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-31033

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

8.8CVSS5.9AI score0.00263EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/03 9:51 p.m.2 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

5.4CVSS6AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 9:9 p.m.5 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to DNS rebinding protection being disabled by default in HTTP-based servers using StreamableHTTPHandler or SSEHandler. An attacker can access internal resources or invoke tools exposed by...

8.1CVSS5.9AI score0.00455EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Intel Processors 安全漏洞

Intel Processors are a series of processors developed by the American company Intel. There are security vulnerabilities in Intel Processors, which stem from the exposure of resources to incorrect ranges, potentially leading to information leaks. System software attackers with privileged access...

5.6CVSS5.8AI score0.00103EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 3:21 p.m.15 views

CVE-2026-27567

Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery SSRF vulnerability exists in Payload's external file upload functionality. When processing external URLs for file uploads, insufficient validation of HTTP redirects could allow an...

6.5CVSS0.00288EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.7 views

CVE-2026-1997

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing CORS is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedd...

6.9CVSS5.5AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/01/27 6:14 p.m.5 views

USN-7981-1 wlc vulnerabilities

It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this issue to access sensitive resources. CVE-2026-22250 It was discovered that wlc did not correctly handle API keys. An attacker could possibly use this issue to leak API keys to a malicious...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/21 9:38 p.m.6 views

EUVD-2026-3774

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6CVSS5.9AI score0.00142EPSS
Exploits0References2
Rows per page
Query Builder