Lucene search
+L

1999 matches found

CVE
CVE
added yesterday42 views

CVE-2026-45799

The CVE-2026-45799 issue affects com.squareup.wire:wire-runtime (and related artifacts) where ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() fail to reject negative LENGTH_DELIMITED lengths before skip(). A crafted protobuf varint of -128 can drive the internal position negative, ...

7.5CVSS5.3AI score0.00055EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added yesterday5 views

Prompty: Arbitrary file read via file reference expansion

Summary Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that the resolved path stayed within an authorized directory. An attacker-controlled prompt file could use path traversal or an absolute path to cause the host application to read files accessible to t...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References4Affected Software3
EUVD
EUVD
added yesterday7 views

EUVD-2026-44940

Prompty: Arbitrary file read via file reference expansion...

7.5CVSS5.2AI score0.01057EPSS
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-44180

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root, and...

9.8CVSS0.00463EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-54728

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. Prior to BunkerWeb 1.6.12 and BunkerWeb PRO 0.57, authenticated Host header handling in the BunkerWeb UI and API improperly validated and neutralized user-controlled input in a configuration-dependent path, allowing a...

6.1CVSS0.00237EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-47751

Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head branches, read .mcp.json from the working directory via default setting sources, and unconditionall...

5.3CVSS0.00426EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44969

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-46621

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.0074EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2 days ago5 views

CVE-2026-59860

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C XML documentation-comment sink the description, externalDocs label, and externalDocs link fields emitted as /// … comments. When text from an OpenAPI...

8.7CVSS0.01016EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-53598 Prompty: Arbitrary File Read via ${file:path} Reference Expansion

Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...

7.5CVSS6.1AI score0.01057EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2025-71388 stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions

stoatchat delta/Revolt versions from 20241213-1 before 20250210-1 allow users with only ViewChannel read permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token,...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References5
OSV
OSV
added 3 days ago3 views

CVE-2026-56679 9Router: Mass assignment in PATCH /api/settings allows authenticated authorization downgrade

9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body to persistent settings without a field whitelist, allowing an authenticated user to set security-critical fields such as requireLogin and disable authentication for the whole...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-55410 NocoBase backup restore schema name allows command injection

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...

6.7CVSS6.2AI score0.0037EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-45737

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretDatatarget, live, ... does...

6.3CVSS0.00277EPSS
Exploits0References8
OSV
OSV
added 3 days ago3 views

CVE-2026-56743 Cilium may unexpectedly allow ingress traffic from the local namespace when a Kubernetes NetworkPolicy is configured with an ipBlock match

Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom...

5.4CVSS6.1AI score0.00158EPSS
Exploits0References8
CVE
CVE
added 3 days ago14 views

CVE-2026-62948

OpenWrt odhcpd/LuCI vulnerability CVE-2026-62948: Before 25.12.5, the DHCPv6 client FQDN option 39 hostname is written into /tmp/odhcpd.leases without escaping, allowing newline injection of forged lease lines. LuCI displays these lines in the Active DHCPv6 Leases page via rpcd-mod-luci getDHCPLe...

9.6CVSS6.1AI score0.00314EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 3 days ago15 views

CVE-2026-45793

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS6.1AI score0.00519EPSS
Exploits0
OSV
OSV
added 3 days ago5 views

CVE-2026-55242 ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...

8.8CVSS6.1AI score0.00136EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-49981 Twig: Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders for a cached `Template`

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS6.1AI score0.00362EPSS
Exploits0References5
CVE
CVE
added 4 days ago36 views

CVE-2026-46638

Twig pre-3.26.0 allowed a cached template to bypass SecurityPolicy::checkSecurity() via {% sandbox %}{% include %} without re-checking; the issue is fixed in 3.26.0. Debian advisories extend the fix to 3.27.0 for the stable release. Affected software: Twig PHP template engine; vulnerability invol...

8.1CVSS6.1AI score0.00265EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder