Lucene search
K

22661 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-59153

Anki’s local HTTP server vulnerability (CVE-2026-59153) affects Anki prior to version 25.09.3. The embedded local server serving media/files did not sufficiently block cross-origin requests from other origins, enabling potential side-effecting requests from malicious sites. The CVSS-based data in...

2.1CVSS6AI score0.00181EPSS
Exploits0References4
OSV
OSV
added 6 days ago15 views

ROOT-APP-MAVEN-CVE-2022-42004 CVE-2022-42004 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2022-42004 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.7AI score0.02656EPSS
Exploits1
Github Security Blog
Github Security Blog
added 6 days ago5 views

New API is vulnerable to CSRF through user email binding

Summary The email and WeChat account binding endpoints used GET requests for state-changing account operations. In deployments where session cookies could be sent on cross-site navigations, an attacker could trigger a logged-in user's browser to bind an attacker-controlled email address or OAuth...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References3Affected Software1
OSV
OSV
added 6 days ago5 views

ROOT-APP-PYPI-CVE-2024-23829 CVE-2024-23829 in rootio-aiohttp - Patched by Root

Root has patched CVE-2024-23829 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

6.5CVSS6.7AI score0.0102EPSS
Exploits1
OSV
OSV
added 6 days ago17 views

ROOT-APP-PYPI-CVE-2026-34525 CVE-2026-34525 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34525 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00288EPSS
Exploits0
OSV
OSV
added 6 days ago6 views

RLSA-2026:34355 Moderate: mod_http2 security, bug fix, and enhancement update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modhttp2: Apache HTTP Server modhttp2: Use After Free vulnerability allows arbitrary code execution or denial of service. CVE-2026-48913 httpd: Apache HTTP Server:...

7.3CVSS6.6AI score0.00525EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

RLSA-2026:35826 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via...

8.2CVSS6.6AI score0.00478EPSS
Exploits0References2
PyPA
PyPA
added 6 days ago5 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
OSV
OSV
added 6 days ago4 views

ROOT-APP-PYPI-CVE-2024-28219 CVE-2024-28219 in rootio-pillow - Patched by Root

Root has patched CVE-2024-28219 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

6.7CVSS6.5AI score0.00989EPSS
Exploits0
NVD
NVD
added 6 days ago12 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-34168 Coolify: Command injection via unsanitized persistent storage name in docker volume commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56264

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to v4.15.0-beta5 Description Two file handlers fail to verify if a requested S3 object key belongs to the caller's team. Since S3 object keys are global within a bucket and only include the tenant ID as a path segment, a...

8.6CVSS6.1AI score0.00299EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 6 days ago13 views

PT-2026-56246

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Authenticated users can perform unauthorized actions on export tasks belonging to other users by manipulating the task ID parameter. Affected actions include downloading files via the...

8.7CVSS6.1AI score0.00391EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56138

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, whic...

3.1CVSS6.1AI score0.0025EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56247

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description The '/de2api/datasetData/previewSql' endpoint lacks the mandatory @DePermit permission validation annotation. This allows any authenticated user to set the datasourceId variable to -1, granting...

8.7CVSS6.3AI score0.00235EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
NVD
NVD
added last week7 views

CVE-2026-34050

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in its mount method, allowing non-admin users to access the Updates settings page and potentially...

6.5CVSS0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score0.00359EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added last week6 views

Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder