Lucene search
+L

6055 matches found

Nuclei
Nuclei
added 4 hours ago82 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS7AI score0.142EPSS
Exploits4References3
Nuclei
Nuclei
added 4 hours ago29 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.8AI score0.01765EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday20 views

CVE-2026-50151 oras-go: credential forwarding via unvalidated Location header in blob upload

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the...

7.5CVSS
Exploits0References4
Patchstack
Patchstack
added yesterday7 views

NPM: mcp-memory-keeper: Arbitrary local file read in context_import via unvalidated filePath

NPM: mcp-memory-keeper: Arbitrary local file read in contextimport via unvalidated filePath vulnerability discovered by ? in WordPress Npm mcp-memory-keeper versions 0.13.0...

5.3AI score
Exploits0References6Affected Software1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...

5.3CVSS
Exploits0References5
CVE
CVE
added yesterday16 views

CVE-2026-48487

CVE-2026-48487 (python-zeroconf) : Prior to 0.149.16, _read_character_string and _read_string in zeroconf’s incoming protocol could advance the parser past the end of the payload by using attacker-declared RDLENGTH without checking against data length, enabling unauthenticated LAN-local hosts on ...

5.3CVSS5.2AI score
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-63096

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-45194

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday24 views

CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-59694

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to inflate the fee-payer's gas cost per payment by a large multiplier, degrading the sponsor's operating margin. When the mpp Elixir library is configured as fee payer feepayer: true,...

8.3CVSS
Exploits0References4
CVE
CVE
added 2 days ago10 views

CVE-2026-44434

Quicly (QUIC protocol implementation used with H2O HTTP server) was vulnerable to stateless reset injection before commit dccf5d4 due to lack of packet entry validation, allowing an on-path attacker to reset QUIC connections by exploiting zero-initialized secret-pattern slots. The issue has been ...

5.3CVSS6AI score0.00147EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-30623

A flaw was found in LiteLLM. This vulnerability allows a remote attacker to execute arbitrary operating system commands on the host where LiteLLM is running. This is possible because the application's MCP server creation functionality processes JSON configurations that can include unvalidated...

9.8CVSS6.4AI score0.00944EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago8 views

CVE-2026-14380

A flaw was found in the DBI component for Perl. This vulnerability allows an attacker to inject and execute arbitrary code by manipulating the Profile attribute of a DBI handle. When a string is assigned to this attribute, the component processes it without proper validation, enabling the executi...

8.8CVSS6.5AI score0.00498EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-45313

Summary: Sandboxie-Plus on Windows contains a local privilege escalation in GuiServer.cpp prior to v1.17.6. The GuiServer::WndHookRegisterSlave handler stores attacker-supplied hthread and hproc from GUI_WND_HOOK_REGISTER without validating thread belonging to the sandbox or the function pointer’...

7.7CVSS6.4AI score0.00108EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-62312 9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments

9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References5
CVE
CVE
added 3 days ago9 views

CVE-2026-62312

CVE-2026-62312 affects 9Router, an AI router & token saver. Before v0.5.2, an authenticated remote attacker can achieve arbitrary code execution on the host by abusing a Host header bypass of localhost-only routes in combination with unvalidated MCP plugin arguments passed to child_process.spawn(...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00252EPSS
Exploits0References4
OSV
OSV
added 3 days ago5 views

CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.4CVSS6.2AI score0.00244EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60267

Name of the Vulnerable Software and Affected Versions TDengine versions prior to 3.4.1.15 Description An unauthenticated out-of-bounds read, uncontrolled allocation, and integer underflow can occur when the server processes malformed RPC packets. This happens because the transDecompressMsg functi...

7.5CVSS5.3AI score0.00324EPSS
Exploits0References3
Rows per page
Query Builder