Lucene search
K

1097 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 10:51 p.m.11 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00136EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 10:51 p.m.32 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 10:16 p.m.12 views

CVE-2026-42195

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS0.00192EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/08 9:22 p.m.9 views

EUVD-2026-28833

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 7:38 p.m.12 views

Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

9.1CVSS6AI score0.01461EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/05/08 7:38 p.m.16 views

Improper Authentication

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authentication in the LdapForm process. An attacker can gain unauthorized access to any LDAP user account, including administrative accounts, by submitting a valid username with an empty password to...

9.3CVSS5.5AI score0.01461EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

draw.io 信息泄露漏洞

Draw.IO is an open-source configurable chart drawing and whiteboard application. Versions of Draw.IO prior to 29.7.9 had a vulnerability related to information leakage. This vulnerability occurred due to the URL parameter “gitlab” overriding the GitLab server URL used during OAuth login. As a...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-39197

Name of the Vulnerable Software and Affected Versions draw.io versions prior to 29.7.9 Description The application accepts a gitlab URL parameter that overrides the GitLab server URL used during OAuth sign-in. An attacker can use a crafted link to cause the "Authorize in GitLab" dialog to open a...

3.4CVSS5.8AI score0.00192EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 6:49 p.m.35 views

CVE-2026-42239 Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover

Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.ts:218. JavaScript can read this cookie via document.cookie. This means every XSS becomes a full...

8.1CVSS0.00283EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.13 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-39268

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Open WebUI fails to validate that passwords are non-empty before performing LDAP Simple Bind authentication. On LDAP servers that permit unauthenticated empty-password binds, an attacker can...

9.4CVSS5.8AI score0.01461EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:38 p.m.6 views

CVE-2026-42235

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...

8.8CVSS6AI score0.00332EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.10 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS0.00305EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/04 5:11 p.m.5 views

CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/04 5:11 p.m.9 views

EUVD-2026-27057

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4
CVE
CVE
added 2026/05/04 5:11 p.m.20 views

CVE-2026-42084

OpenC3 COSMOS is affected by a credential change vulnerability where the password change feature accepts a valid session token in lieu of the old password. This flaw, present prior to versions 6.10.5 and 7.0.0-rc3, allows an attacker who already holds a valid session token to change the password ...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/04 5:11 p.m.33 views

CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS0.00305EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:11 p.m.6 views

CVE-2026-42084

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid...

8.1CVSS5.7AI score0.00305EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 9:23 p.m.10 views

n8n Vulnerable to XSS via MCP OAuth client

Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

9.6CVSS5.8AI score0.00332EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/25 11:40 p.m.5 views

GHSA-PXF8-6WQM-R6HH Note Mark: OIDC-registered users authenticated by submitting password "null"

Summary IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt"null" placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References5
Rows per page
Query Builder