Lucene search
+L

13287 matches found

Nuclei
Nuclei
added 18 hours ago72 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7.3AI score0.43284EPSS
Exploits1References2
Circl
Circl
added yesterday7 views

CVE-2026-10130

creationtimestamp| type| source ---|---|--- 2026-07-18 22:30:23+00:00| seen| https://infosec.exchange/users/offseq/statuses/116943344312678030 2026-07-18 22:30:26+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqxcw4d2h424 2026-07-18 23:35:46+00:00| seen|...

8.8CVSS4.8AI score
Exploits0References5
Nuclei
Nuclei
added yesterday280 views

ChatGPT个人专用版 - Server Side Request Forgery

A Server-Side Request Forgery SSRF in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. id: CVE-2024-27564 info: name: ChatGPT个人专用版 - Server Side Request Forgery author: DhiyaneshDK...

6.5CVSS7.5AI score0.40637EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2 days ago12 views

oapi-codegen: OpenAPI Server Description Escapes Generated Go Comment and Injects Executable Code

Summary The vulnerability in oapi-codegen seems to be similar with CVE-2026-22785, which is a generated-code injection issue where untrusted OpenAPI summary text is embedded into generated TypeScript MCP server source without proper escaping. oapi-codegen has a similar vulnerability in its server...

9.8CVSS6.2AI score0.00709EPSS
Exploits2References4Affected Software1
Circl
Circl
added 2 days ago8 views

CVE-2026-11961

creationtimestamp| type| source ---|---|--- 2026-07-17 08:27:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqtdeg53a32x 2026-07-17 09:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116934497361624112 2026-07-17 09:00:32+00:00| seen|...

8.1CVSS4.8AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-62210

OpenClaw before 2026.6.1 is affected by a denial-of-service vulnerability where remote media URLs trigger slow‑read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs to consume resources and reduce availability. The issue i...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-60845

Name of the Vulnerable Software and Affected Versions IBM Engineering AI Hub versions 1.0.0 through 1.2.0 Description A remote attacker can obtain sensitive information because session tokens are exposed within URLs. Recommendations At the moment, there is no information about a newer version tha...

7.5CVSS4.7AI score0.00515EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-44023

Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a server-provided Content-Disposition to a local path in...

8.6CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2024-32389

Buffer Overflow vulnerability in Kerlink Kerlink Wirnet iStation 868 KerOS v.4.3.320200803132042 allows a remote attacker to obtain sensitive information via the update URLs component...

3.5CVSS0.00209EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.1AI score0.00728EPSS
Exploits0References8
CVE
CVE
added 3 days ago8 views

CVE-2024-32389

Kerlink Wirnet iStation 868 KerOS v.4.3.3_20200803132042 exposes a Buffer Overflow in the update URLs component, allowing a remote attacker to obtain sensitive information. This CVE (CVE-2024-32389) has a CVSS v3.1 base score of 3.5 (LOW) with an adjacent attack vector, low confidentiality impact...

3.5CVSS6.1AI score0.00209EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-53446

Wekan is open source kanban built with Meteor. Prior to 9.32, Wekan webhook integration URLs in models/integrations.js are stored from user input and later fetched by server/notifications/outgoing.js without applying the existing validateAttachmentUrl private-network checks from...

6.2CVSS0.00286EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-53446

CVE-2026-53446 affects Wekan prior to 9.32, where webhook integration URLs stored in models/integrations.js are fetched by server/notifications/outgoing.js without applying the private-network checks in models/lib/attachmentUrlValidation.js. This enables a board administrator to configure webhook...

6.2CVSS6.1AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-54562

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS0.00231EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 4 days ago3 views

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length bsc1270620...

8.7CVSS6.2AI score0.00359EPSS
Exploits0References32
OSV
OSV
added 4 days ago3 views

SUSE-SU-2026:3040-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length...

9.3CVSS6.2AI score0.00359EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 4 days ago3 views

Security update for sccache

This update for sccache fixes the following issues: Update to version 0.15.017. CVE-2023-26964: hyper,h2: high resource consumption due to stream stacking when H2 component processes HTTP2 RSTSTREAM frames bsc1210346. CVE-2024-32650: rust-rustls: infinite loop in...

8.7CVSS6.7AI score0.01121EPSS
Exploits2References56
Circl
Circl
added 5 days ago8 views

CVE-2026-15773

creationtimestamp| type| source ---|---|--- 2026-07-14 22:16:10+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaxfcay2b 2026-07-14 23:38:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqneuoukdt2x 2026-07-15 19:46:03+00:00| seen|...

9.6CVSS6.1AI score0.00251EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.0029EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-14902

An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated attacker to redirect users to arbitrary external URLs...

4CVSS0.00512EPSS
Exploits0References1
Rows per page
Query Builder