Lucene search

1369 matches found

ATTACKERKB | added 2026/05/08 3:38 p.m. | 8 views

CVE-2026-41693

i18next-fs-backend is a backend layer for i18next, for use in Node.js and Deno, that loads translations from the filesystem. Prior to version 2.6.4, i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath / addPath templates and then reads / writes the resulting fil...

CVSS 8.2 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 2 | Affected Software 1
Vulnrichment | added 2026/05/08 1:33 p.m. | 9 views

CVE-2026-44337 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

CVSS 6.3 | AI score 5.8 | EPSS 0.00216
Exploits 1 | References 1
SUSE CVE | added 2026/05/08 2:35 a.m. | 11 views

SUSE CVE-2016-8817

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy, causing a buffer overflow, leading to denial of service o...

CVSS 7.8 | AI score 7.3 | EPSS 0.00397
Exploits 0 | References 3
Positive Technologies | added 2026/05/08 12:00 a.m. | 11 views

PT-2026-38906

Name of the Vulnerable Software and Affected Versions: Cradle eCommerce platform (affected versions not specified). Description: An open redirection issue exists in the login form endpoint. The application accepts a URL through the returnUrl parameter without proper validation, allowing users to be...

CVSS 5.3 | AI score 5.8 | EPSS 0.00339
Exploits 0 | References 3
Cvelist | added 2026/05/07 3:36 a.m. | 76 views

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

CVSS 8.7 | EPSS 0.00365
Exploits 0 | References 6
Github Security Blog | added 2026/05/06 9:34 p.m. | 12 views

Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary: Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

CVSS 8.6 | AI score 5.9 | EPSS 0.00341
Exploits 0 | References 3 | Affected Software 1
Cvelist | added 2026/05/06 6:13 p.m. | 34 views

CVE-2026-7997

Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...

EPSS 0.0008
Exploits 0 | References 2
EUVD | added 2026/05/06 12:30 p.m. | 7 views

EUVD-2025-209669

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 2
ATTACKERKB | added 2026/05/06 11:47 a.m. | 9 views

CVE-2025-31951

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00247
Exploits 0 | References 2 | Affected Software 1
Cvelist | added 2026/05/06 11:47 a.m. | 36 views

CVE-2025-31951 HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | EPSS 0.00247
Exploits 0 | References 1
Veracode | added 2026/05/06 7:27 a.m. | 13 views

Conversation Isolation Bypass

Spring AI is vulnerable to conversation isolation bypass. The vulnerability is due to insufficient validation of user-supplied input as a conversationId, where an attacker can inject filter logic through conversationId and exfiltrate sensitive memory from other users’ chat histories, including...

CVSS 5.9 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 3 | Affected Software 1
OSV | added 2026/05/04 10:04 p.m. | 3 views

GHSA-75XQ-5H9V-W6PX net-imap vulnerable to command Injection via unvalidated Symbol inputs

Summary: Symbol arguments to commands are vulnerable to CRLF Injection / IMAP Command Injection via Symbol arguments passed to IMAP commands. Details: Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting and a "\" prefix. Vulnerable versions of Net::IMAP...

CVSS 5.8 | AI score 5.9 | EPSS 0.00685
Exploits 0 | References 10
Github Security Blog | added 2026/05/04 8:50 p.m. | 9 views

CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess

Summary: The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge->dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...

CVSS 6.9 | AI score 5.9 | EPSS 0.00344
Exploits 0 | References 5 | Affected Software 1
CVE | added 2026/05/04 6:29 p.m. | 13 views

CVE-2026-25863

Vulnerability summary (CVE-2026-25863): The WordPress plugin “Conditional Fields for Contact Form 7” (CF7 Conditional Fields), affected up to version 2.6.7, contains an uncontrolled resource consumption issue in Wpcf7cfMailParser.hide_hidden_mail_fields_regex_callback(). The method reads an itera...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits 0 | References 2
EUVD | added 2026/05/04 6:29 p.m. | 9 views

EUVD-2026-27083

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class, where the hide_hidden_mail_fields_regex_callback method reads an iteration count directly from user-supplied POST parameters without...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits 0 | References 2
CVE | added 2026/05/04 5:53 p.m. | 14 views

CVE-2026-42146

CVE-2026-42146 affects the CImg Library (C++) where the nb_colors field read from BMP headers is used to compute an allocation size without validating against the remaining file size, enabling an out-of-memory condition when loading crafted untrusted BMPs. A patch (commit c3aacf5) fixes the issue...

CVSS 5.5 | AI score 5.7 | EPSS 0.00119
Exploits 0 | References 4
Positive Technologies | added 2026/05/04 12:00 a.m. | 15 views

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class, where the hide_hidden_mail_fields_regex_callback method reads an iteration count directly from user-supplied POST parameters...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits 0 | References 5
CNNVD | added 2026/05/04 12:00 a.m. | 9 views

WordPress plugin Conditional Fields for Contact Form security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits 0 | References 3
OSV | added 2026/04/29 10:26 p.m. | 4 views

GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters

Summary: Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.load(languages, namespaces, …) without any sanitisation. Depending on which backend is configured, the unvalidated path...

CVSS 8.2 | AI score 5.9 | EPSS 0.00387
Exploits 0 | References 4
Snyk | added 2026/04/29 9:10 p.m. | 4 views

SQL Injection

Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...

CVSS 8.8 | AI score 5.9 | EPSS 0.00342
Exploits 0 | References 2