Lucene search
K

124037 matches found

EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-42298

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added 7 hours ago5 views

CVE-2026-55761

Portainer Community Edition contains a vulnerability where, in versions 2.39.0–2.39.3 and 2.40.0–2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances. A...

7.1CVSS5.9AI score
Exploits0References6
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS
Exploits0References6
EUVD
EUVD
added 7 hours ago2 views

EUVD-2026-42297

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS5.9AI score
Exploits0References6
CVE
CVE
added 7 hours ago11 views

CVE-2026-59703

repomix is affected by a local file inclusion vulnerability in the git clone endpoint. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts does not block file:// URLs, allowing an unauthenticated user to supply file:// scheme URLs that bypass validation and are passed to git clone, ...

8.7CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 7 hours ago9 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
EUVD
EUVD
added 7 hours ago2 views

EUVD-2026-42273

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 7 hours ago3 views

cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network

A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...

7.5CVSS6.7AI score0.00502EPSS
Exploits1References5
CVE
CVE
added 7 hours ago7 views

CVE-2026-15044

The CVE concerns the TrustyAI Service Operator. In deployments of services such as gorch and NemoGuardrails, if a specific security setting is not enabled, communication channels can be exposed without requiring user authentication, allowing any other program in the cluster to access the AI guard...

6.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added 8 hours ago8 views

CVE-2026-58480

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...

9.8CVSS
Exploits0References4
NVD
NVD
added 8 hours ago7 views

CVE-2026-56226

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS
Exploits0References2
NVD
NVD
added 8 hours ago5 views

CVE-2026-54061

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS0.00059EPSS
Exploits0References2
NVD
NVD
added 8 hours ago5 views

CVE-2026-53482

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker...

7.5CVSS
Exploits0References1
NVD
NVD
added 8 hours ago6 views

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker wit...

7.1CVSS
Exploits0References1
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42270

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score
Exploits0References3
CVE
CVE
added 8 hours ago8 views

CVE-2026-58656

Grav API plugin before v1.0.0-rc.16: accepts JWT tokens via the ?token= URL query parameter and replies with Access-Control-Allow-Origin: *, enabling unauthenticated cross-origin API requests. This can allow attackers who obtain a leaked JWT from logs/history to create persistent backdoor super-a...

8.7CVSS6AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-42266

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...

8.7CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added 8 hours ago5 views

CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS
Exploits0References2
CVE
CVE
added 8 hours ago6 views

CVE-2026-56284

Capgo (Cap-go/capgo) before version 12.128.2 has an information disclosure flaw in the Supabase PostgREST RPC function public.get_total_metrics(org_id). The RPC is callable by the anon role using only the public sb_publishable_* key, allowing an unauthenticated attacker to probe organization exis...

6.9CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 8 hours ago3 views

EUVD-2026-42253

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder