Lucene search
+L

256 matches found

nuclei
nuclei
added 5 hours ago16 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.2AI score0.01623EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2 days ago5 views

PT-2026-60111

Name of the Vulnerable Software and Affected Versions Woodpecker CI versions v1.0.0 through v3.15.0 Description A privilege escalation issue exists in instances using the Kubernetes backend. The pipeline option backend options.kubernetes.serviceAccountName is passed directly to the pod spec witho...

8.2CVSS6.2AI score
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.8 views

PT-2026-56826

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.61 n8n versions prior to 2.27.4 n8n versions prior to 2.28.1 Description An authenticated member with use-only editor access to a shared workflow can read credential-populated headers exposed via the $request object...

7.1CVSS6.1AI score0.00294EPSS
Exploits0References8
euvd
euvd
added 2026/07/08 3:8 p.m.8 views

EUVD-2026-42299

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS6.1AI score0.00171EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 8:48 p.m.33 views

CVE-2026-34038 Coolify authenticated remote command injection leading to RCE and secret exfiltration

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS0.02539EPSS
Exploits1References4
cve
cve
added 2026/07/06 8:48 p.m.14 views

CVE-2026-34038

CVE-2026-34038 affects Coolify prior to 4.0.0-beta.469. An authenticated user with application write permissions could trigger remote command execution via the deployment handling pipeline, and exfiltrate sensitive environment variables through deployment logs (e.g., via dockerfile_location and d...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References4
osv
osv
added 2026/07/06 8:48 p.m.4 views

CVE-2026-34038 Coolify authenticated remote command injection leading to RCE and secret exfiltration

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, an authenticated remote command injection vulnerability in application deployment handling allows users with application write permissions to achieve remote code execution...

9.9CVSS6.6AI score0.02539EPSS
Exploits1References6
nvd
nvd
added 2026/06/30 5:16 p.m.8 views

CVE-2026-58370

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...

9.2CVSS0.00546EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.9 views

PT-2026-53928

Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description When using the GitLab forge driver, the system matches the ApprovalAllowedUsers bypass list against the pipeline.Author variable. The pipeline.Author is populated from the commit.author.name...

9.2CVSS6.1AI score0.00546EPSS
Exploits0References10
ossf
ossf
added 2026/06/26 2:13 p.m.7 views

Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
osv
osv
added 2026/06/25 6:43 p.m.5 views

GO-2026-5365 Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration in code.gitea.io/gitea

Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration in code.gitea.io/gitea...

8.1CVSS5.8AI score0.00304EPSS
Exploits0References1
snyk
snyk
added 2026/06/17 6:8 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the POST /api/v1/repos/owner/repo/forks API endpoint, which fails to enforce the required organization repository creation permissions. An attacker can gain administrative control over a new repository within...

8.6CVSS5.9AI score0.00304EPSS
Exploits0References2
github
github
added 2026/06/17 6:8 p.m.24 views

Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with...

8.1CVSS6AI score0.00304EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/17 6:8 p.m.6 views

GHSA-FHX7-M96W-MV29 Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with...

8.1CVSS6AI score0.00304EPSS
Exploits0References2
osv
osv
added 2026/06/17 5:4 p.m.14 views

MAL-2026-6067 Malicious code in scan-only (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7779ff21d9783e1026e13a7abf65e448c5f3d3d111f3cae539f3690e53a2b4 The CLI binary at bin/scan-only.js, when invoked e.g., via npx scan-only --diagnose, harvests installer-side secrets and ships them to a hardcoded...

6.2AI score
Exploits0References14
osv
osv
added 2026/06/16 10:20 p.m.8 views

MAL-2026-5934 Malicious code in ssr-auth-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fe43338279cb894ffacc18ef9ec757d4b4fa8b603672b0bedcb4c00d9f8a806 On require'ssr-auth-sync', index.js loads lib/writer.js, which immediately fetches a base64-hidden URL https://www.jsonkeeper.com/b/PJNZP, an anonymo...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/16 9:0 p.m.8 views

GHSA-F989-C77F-R2CQ Crawl4AI: LLM credential exfiltration in Docker server via request base_url and env: token resolution

Summary The Docker API server let a request control where LLM calls were sent and which environment variable an LLM token resolved from. Both could be abused to exfiltrate server-held secrets. The Docker API is unauthenticated by default. Vector 1 - attacker baseurl /md, /llm, and /llm/job accept...

8.2CVSS5.6AI score0.00254EPSS
Exploits0References2
ossf
ossf
added 2026/06/15 5:23 p.m.11 views

Malicious code in flowdefi (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.4AI score
Exploits0References3
osv
osv
added 2026/06/15 5:23 p.m.9 views

MAL-2026-5806 Malicious code in flowdefi (npm)

flow/surf-lending DeFi cred-exfil campaign sibling c1655. preinstall node index.js || true exfils env secrets to raw C2 2.25.140.71:8443/surflending/npm-confusion verified identical. No-renotify. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.5AI score
Exploits0References3
ossf
ossf
added 2026/06/15 5:23 p.m.21 views

Malicious code in surf-lending (npm)

Sibling of [email protected] campaign C2 path /surflending/. Sentinel-9.9.9 dep-confusion squat; preinstall node index.js || true exfils env secrets mnemonic/key/token/blockfrost to raw C2 2.25.140.71:8443/surflending/npm-confusion. c913 + c252. --- -= Per source details. Do not edit below this...

5.4AI score
Exploits0References3
Rows per page
Query Builder