Lucene search
K

109389 matches found

CVE
CVE
added 2 hours ago5 views

CVE-2026-59084

CVE-2026-59084 is an insufficient technical documentation vulnerability in Apache Tomcat related to the EncryptInterceptor configuration. Affected branches include Tomcat 11.0.0-M1 through 11.0.23, 10.1.0-M1 through 10.1.56, 9.0.13 through 9.0.119, 8.5.38 through 8.5.100, and 7.0.100 through 7.0....

6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago8 views

CVE-2026-59083

Summary: CVE-2026-59083 affects Apache Tomcat due to an improper handling of URL encoding (hex encoding) in the RewriteValve , enabling a security constraint bypass under certain configurations. Affected versions: Tomcat 11.0.0-M1 through 11.0.23, 10.1.0-M1 through 10.1.56, 9.0.0.M1 through 9.0.1...

6.1AI score
Exploits0References1
CVE
CVE
added 7 hours ago10 views

CVE-2026-15628

The CVE-2026-15628 affects zhayujie chatgpt-on-wechat CowAgent ≤ 2.1.1, specifically the Vision Tool’s Vision._download_to_data_url function. A manipulation of the image argument enables server-side request forgery, allowing remote initiation of attacks. Exploitation is supported by public disclo...

6.5CVSS6.3AI score
Exploits0References8
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added yesterday6 views

Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI

Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...

7.5CVSS7AI score0.00486EPSS
Exploits0Affected Software2
CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-53538

A flaw was found in Python-Multipart, a tool used for processing web form data. A remote attacker could exploit a vulnerability where the software incorrectly interprets certain characters as separators in web form data. This difference in interpretation compared to standard web practices allows ...

4.8CVSS6.1AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...

6.5CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS0.00204EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS0.00214EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43284

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS6.1AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

0.00214EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-49876

CVE-2026-49876 describes an authenticated SSRF in the Gravitino JobManager. The issue allows server-side HTTP requests to internal networks and cloud metadata endpoints via unvalidated job template URIs. Affected software: Apache Gravitino 1.0.0 through 1.2.1. Impact is tied to the ability to rea...

6.5CVSS6.1AI score0.00204EPSS
Exploits0References2Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-11963

The User Registration & Membership WordPress plugin before 5.2.2 does not perform an authorization check on a membership-upgrade action and derives the user to modify from a caller-supplied identifier instead of the current user, allowing any authenticated user such as a subscriber to change...

8.1CVSS0.00132EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-11963

Affected product: WordPress plugin “User Registration & Membership” (before 5.2.2). Vulnerability: Missing authorization check on a membership-upgrade action; the target user is derived from a caller-supplied identifier rather than the current user, enabling any authenticated user (e.g., a subscr...

8.1CVSS6.1AI score0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday95 views

Apache ShenYu Admin JWT - Authentication Bypass

Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. id: CVE-2021-37580 info: name: Apache ShenYu Admin JWT - Authentication Bypass author: pdteam severity: critical descriptio...

9.8CVSS7AI score0.40058EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday40 views

TileServer GL <=3.0.0 - Cross-Site Scripting

TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page. id: CVE-2020-15500 info: name: TileServer GL =3.0.0 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.12224EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday75 views

Zabbix - SQL Injection

Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggleids array parameter in latest.php and perform SQL injection attacks. id: CVE-2016-10134 info: name: Zabbix - SQL Injection author: princechaddha severity: critical description: Zabbix...

9.8CVSS7.3AI score0.83284EPSS
Exploits24References5
Rows per page
Query Builder