Lucene search
K

2840 matches found

EUVD
EUVD
added 2026/05/26 8:22 p.m.22 views

EUVD-2026-31989

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery SSRF bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access...

5.1CVSS5.8AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 10:30 a.m.10 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

6.9CVSS5.8AI score0.00427EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/05/23 12:0 a.m.10 views

OPENSUSE-SU-2026:10847-1 rqlite-10.1.0-1.1 on GA media

These are all security issues fixed in the rqlite-10.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 7:17 p.m.21 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS0.0014EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Unity Linux 20.1050e / 20.1070e Security Update: LibRaw (UTSA-2026-016597)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016597 advisory. Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRawbufferdatastream::getschar, int in...

7.8CVSS6.4AI score0.00424EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/15 9:31 p.m.15 views

EUVD-2026-30662

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS6AI score0.00212EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:58 p.m.10 views

CVE-2026-44457

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/12 10:16 p.m.17 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 4:43 p.m.17 views

CVE-2026-41513

CVE-2026-41513 affects Horilla HR/CRM software (version 1.5.0) where notification endpoints trust an unvalidated next parameter, enabling open redirects to arbitrary external URLs. This can enable phishing/social-engineering redirects by turning legitimate links intomalicious destinations. Connec...

4.8CVSS5.9AI score0.00265EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 9:18 p.m.12 views

CVE-2026-28830

A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...

4.7CVSS0.00085EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.18 views

PT-2026-39460

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib worker loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...

5.1CVSS5.6AI score0.0019EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.12 views

PT-2026-38917

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Multiple time-of-check time-of-use TOCTOU race conditions—where a system checks a condition and then uses the result, but the condition chang...

6.5CVSS5.8AI score0.00433EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-38892

Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.3.2 Description Insufficient input validation and type checking on the wpuf files parameter during form submission, combine...

8.8CVSS6.2AI score0.00951EPSS
Exploits0References23
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has a vulnerability related to information leakage. This vulnerability stems from the exposure of server banner information, allowing the...

5.3CVSS5.8AI score0.00172EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

openSUSE 16 Security Update : himmelblau (openSUSE-SU-2026:20658-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20658-1 advisory. Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation...

7CVSS5.8AI score0.00158EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.13 views

PT-2026-36759

Name of the Vulnerable Software and Affected Versions privsim mcp-test-runner version 0.2.0 Description A flaw in the MCP Interface component allows for remote OS command injection. This occurs through the manipulation of the command argument within the child process.spawn function located in the...

6.5CVSS6.6AI score0.01089EPSS
Exploits0References8
Fedora
Fedora
added 2026/05/01 3:6 a.m.8 views

[SECURITY] Fedora 43 Update: rust-rustls-webpki-0.103.13-1.fc43

Web PKI X.509 Certificate Verification...

5.2AI score
Exploits0
NVD
NVD
added 2026/05/01 12:16 a.m.8 views

CVE-2026-7513

A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

9CVSS0.00472EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/29 8:48 p.m.4 views

CVE-2026-42432

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute privileged commands on the local assistant system...

7.8CVSS5.5AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.9 views

PT-2026-35503

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An authentication bypass exists in the internal login endpoint. The IsPasswordMatch function in backend/db/models.go uses a hard-coded bcrypt"null" placeholder when a user has no stored password...

9.4CVSS5.8AI score0.00296EPSS
Exploits0References17
Rows per page
Query Builder