Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

107423 matches found

CVE
CVEadded 2026/06/02 10:35 p.m.21 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.00251EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/06/02 10:35 p.m.32 views

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS0.00251EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/06/02 10:35 p.m.6 views

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.00251EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linuxadded 2026/06/02 10:29 p.m.7 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
NVD
NVDadded 2026/06/02 10:16 p.m.10 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS0.00248EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2026/06/02 10:3 p.m.11 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS5.8AI score0.00625EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/02 10:2 p.m.8 views

CVE-2026-10287

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/02 10:2 p.m.9 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 10:0 p.m.14 views

CVE-2026-10662

The CVE concerns ahujasid blender-mcp (up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b) and targets the ZIP File Handler’s server.py, specifically the requests.get usage. Flaw: manipulation of the argument zip_file_url enables server-side request forgery (SSRF). Impact is described as remot...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/06/02 9:30 p.m.7 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/06/02 9:30 p.m.29 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS0.00248EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/02 9:30 p.m.7 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References8
CVE
CVEadded 2026/06/02 9:30 p.m.16 views

CVE-2026-10661

The CVE concerns ahujasid blender-mcp with a vulnerability in the Open function of src/blender_mcp/server.py. Manipulating the input_image_url parameter leads to injection, with remote exploitation possible. The affected project uses rolling releases, so specific version details are not listed; p...

5.3CVSS5.3AI score0.00248EPSS
Exploits0References8
Circl
Circladded 2026/06/02 9:24 p.m.6 views

CVE-2019-25724

creationtimestamp| type| source ---|---|--- 2026-06-02 21:24:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndjrl62c42m...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
NVD
NVDadded 2026/06/02 9:16 p.m.8 views

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS0.00182EPSS
Exploits0References1
Circl
Circladded 2026/06/02 9:7 p.m.5 views

CVE-2026-10617

creationtimestamp| type| source ---|---|--- 2026-06-02 21:07:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndiuasktx2d...

7.5CVSS7.1AI score0.00399EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 7:8 p.m.30 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/06/02 7:8 p.m.7 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/02 7:8 p.m.6 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
CVE
CVEadded 2026/06/02 7:8 p.m.21 views

CVE-2026-48597

The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
Rows per page
Query Builder