Lucene search
K

128 matches found

CVE
CVE
added 2 hours ago4 views

CVE-2026-59516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-55873 SeaweedFS: Improper authorization in the S3Tables / Iceberg REST management API lets a low-privileged S3 user enumerate administrator-owned table buckets

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS0.00199EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42286

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS5.9AI score0.00199EPSS
Exploits0References4
CVE
CVE
added 5 days ago14 views

CVE-2026-55874

SeaweedFS's S3 API gateway is affected prior to version 4.34 by a path traversal issue in the X-Amz-Copy-Source header (dot-dot segments) that can enable an authenticated user scoped to one bucket to read objects from other buckets via server-side copy. The issue is documented across CVE-2026-558...

7.7CVSS6AI score0.00327EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added last week7 views

Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score0.00552EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/05 5:19 a.m.10 views

ROOT-OS-UBUNTU-2404-CVE-2026-43495 CVE-2026-43495 in rootio-linux - Patched by Root

Root has patched CVE-2026-43495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.8CVSS5.8AI score0.00272EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 10:59 p.m.7 views

EUVD-2026-39492

pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...

7.3CVSS5.8AI score0.0027EPSS
Exploits1References2
NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-50014

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm passes the lockfile-controlled git resolution.commit value to git fetch without a -- separator or commit-format validation. For git dependencies fetched through the shallow-fetch path, a malicious lockfile can replace the expected...

7.3CVSS0.0018EPSS
Exploits1References1
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: kubernetes1.34-1.34.9-1.fc44

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

8.7CVSS5.7AI score0.00656EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/11 1:18 p.m.8 views

GHSA-5PG7-F6XV-J6M4 vulnerabilities

Vulnerabilities for packages: openssl, libcrypto3-2.34...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/05 10:43 a.m.7 views

MINI-5V34-7RFR-7687

Bulletin has no description...

6.1CVSS5.1AI score0.00178EPSS
Exploits0
NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS0.00162EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...

5.5CVSS6.4AI score0.01156EPSS
Exploits1References2
OSV
OSV
added 2026/05/11 1:33 p.m.4 views

MINI-M353-5CHP-34QP

Bulletin has no description...

7.5CVSS5.7AI score0.00781EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/08 1:35 p.m.40 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-39003

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References11
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.12 views

LCC-LLM: Leveraging Code-Centric Large Language Models for Malware Attribution

LLMs are increasingly explored for malware analysis; however, current LLM-based malware attribution remains limited by unsupported indicators and insufficient code-level grounding for identifying malicious and vulnerable code segments. To address these limitations, this research introduces LCC-LL...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.17 views

PT-2026-39005

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...

7.5CVSS6AI score0.26799EPSS
Exploits3References65
RedhatCVE
RedhatCVE
added 2026/03/27 10:51 p.m.6 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS5.9AI score0.00293EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 9:17 p.m.5 views

CVE-2026-33541

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. Whil...

6.5CVSS0.00293EPSS
Exploits1References1
Rows per page
Query Builder