Lucene search
K

4492 matches found

Nuclei
Nuclei
added 15 hours ago18 views

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

9.8CVSS6.2AI score0.34346EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago50 views

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
Nuclei
Nuclei
added 15 hours ago30 views

Mlflow < 2.17.0 - Local File Inclusion

Mlflow before 2.17.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2024-8859...

7.5CVSS7AI score0.02484EPSS
Exploits1References3
OSV
OSV
added yesterday3 views

CVE-2026-58065 Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-62147

The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...

6.5CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 4 days ago4 views

Protection Mechanism Failure

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.9CVSS6.1AI score0.0022EPSS
Exploits0References2
Nuclei
Nuclei
added 4 days ago16 views

Roxy-WI < 6.1.1.0 - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. id: CVE-2022-31137 info: name: Roxy-WI 6.1.1.0 - Remote Code Execution author:...

10CVSS7.6AI score0.90387EPSS
Exploits15References4
Snyk
Snyk
added 6 days ago6 views

Uncaught Exception

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Uncaught Exception

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS0.00371EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42284

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56390

Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8 Description A heap bufferflow occurs in the pcfReadFont function due to missing glyph bounds checking. This allows an authenticated X client to execute arbitrary code within the X server. Recommendations Updat...

8.5CVSS6.3AI score0.00529EPSS
Exploits0References19
NVD
NVD
added last week7 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS0.00479EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 10:23 p.m.6 views

CVE-2026-55076

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/07/07 10:23 p.m.7 views

CVE-2026-55076 Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string...

7.4CVSS6AI score0.00479EPSS
Exploits0References9
Debian
Debian
added 2026/07/07 8:59 p.m.8 views

[SECURITY] [DSA 6383-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6383-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 07, 2026 https://www.debian.org/security/faq -...

9.1CVSS6.4AI score0.00284EPSS
Exploits1
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.107 views

XWiki Platform - Remote Code Execution

Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity, and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 15.10.11, 16.4.1, and 16.5.0RC1. id: CVE-2025-24893 info: name: XWiki...

9.8CVSS7.9AI score0.99898EPSS
Exploits51References2
OSV
OSV
added 2026/07/07 9:17 a.m.3 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References6
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.4 views

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...

7.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/07/06 4:18 p.m.5 views

BIT-TOMCAT-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

7.3CVSS5.9AI score0.00413EPSS
Exploits0References3
Rows per page
Query Builder