Lucene search
K

3367 matches found

Nuclei
Nuclei
added 10 hours ago17 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago21 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS7AI score0.02112EPSS
Exploits0References4
Nuclei
Nuclei
added 10 hours ago51 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS6.1AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago37 views

Broadstreet WordPress plugin - Reflected XSS

Broadstreet WordPress plugin 1.51.8 contains a reflected XSS caused by unsanitised and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires victim interaction. id: CVE-2025-4652 info: name: Broadstreet WordPress plugin -...

6.1CVSS6.1AI score0.00468EPSS
Exploits1References1
CVE
CVE
added 14 hours ago10 views

CVE-2026-15516

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-15516 for affected versions, impact, and remediation.

6.3CVSS5.8AI score
Exploits0References6
CVE
CVE
added yesterday12 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-59180

A flaw was found in Apprise, an open-source library for sending notifications. HTTP-based notification plugins and HTTP attachment and configuration loaders in Apprise, prior to version 1.11.0, automatically follow HTTP redirects. During these redirects, user-configured authentication headers and...

3.1CVSS6.1AI score0.00195EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-55170

A flaw was found in OpenFGA, an authorization/permission engine. When using MySQL as the datastore, and authorization decisions depend on case-sensitive user strings, the system may incorrectly treat case-distinct values e.g., 'user:Alice' and 'user:alice' as equivalent. This can lead to improper...

5.4CVSS6AI score0.00341EPSS
Exploits0References8
NVD
NVD
added 3 days ago5 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-40454

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15330 zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
NVD
NVD
added 6 days ago8 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
OSV
OSV
added 6 days ago5 views

PYSEC-2026-1145 Apache Airflow Common SQL Provider Vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 6 days ago10 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
NOZOMI
NOZOMI
added 6 days ago4 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago4 views

PT-2026-56298

Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...

9.6CVSS6AI score0.00025EPSS
Exploits0References5
Snyk
Snyk
added last week5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...

8.6CVSS6.1AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection in the eval process used by certain agent components when evaluating external input with fulleval=True. An attacker can execute arbitrary system commands b...

10CVSS6.2AI score0.00912EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

SQL Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to SQL Injection through the SQLChatAgent process. An attacker can access arbitrary files on the server by crafting SQL queries that bypass the regex-based blocklist using quoted...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:11 a.m.7 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score0.00363EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder