Lucene search
K

5954 matches found

EUVD
EUVD
added 13 hours ago6 views

EUVD-2026-43317

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS6.4AI score
Exploits0References6
Nuclei
Nuclei
added 18 hours ago69 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS6.1AI score0.00635EPSS
Exploits1References2
CVE
CVE
added yesterday12 views

CVE-2026-15494

AMTT Hotel Broadband Operation System 1.0 contains a SQL injection flaw in an unknown function of file manager/network/switch_status.php. Manipulating the argument ID remotely can lead to SQL injection. An exploit has been published and may be used; vendor contact occurred with no response. Docum...

5.8CVSS6AI score
Exploits0References5
NVD
NVD
added 3 days ago8 views

CVE-2026-55187

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
CVE
CVE
added 3 days ago8 views

CVE-2026-55641

9router (affected component: /v1 LLM proxy logic) had an unauthenticated bypass due to client-controlled Host header processing before version 0.5.2. This allowed a remote attacker to craft Host: localhost to bypass API-key checks, potentially enabling upstream provider calls with stored credenti...

8.2CVSS6.1AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when OpenFGA is configured to use OIDC authentication authn.method=oidc, authn.oidc.issuer set but authn.oidc.audience is left unset, the JWT audience claim on incoming bearer tokens is not validated. As a result...

6.8CVSS6.1AI score0.00298EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-54695

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS6AI score0.00327EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers

A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both Transfer-Encoding: chunked and Content-Length headers. While Netty correctly strips the conflicting Content-Length header for HTTP/1.1 messages, thi...

9.8CVSS6.8AI score0.00607EPSS
Exploits1References5
NVD
NVD
added 5 days ago7 views

CVE-2026-15110

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-59257 n8n - SQL Injection in MySQL v1 executeQuery Operation via Expression Interpolation

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS0.00314EPSS
Exploits0References2
Patchstack
Patchstack
added 5 days ago4 views

WordPress Active Products Tables for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin Active Products Tables for WooCommerce versions = 1.1.0...

7.1CVSS6.1AI score
Exploits0Affected Software1
OSV
OSV
added 5 days ago6 views

RHSA-2026:36206 Red Hat Security Advisory: 389-ds:1.4 security update

Bulletin has no description...

8.8CVSS5.9AI score0.01038EPSS
Exploits0References12
NVD
NVD
added 5 days ago8 views

CVE-2026-14500

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago11 views

Important: Red Hat Security Advisory: 389-ds:1.4 security update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Comm...

8.8CVSS6.2AI score0.0067EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2024-56141

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:59 p.m.14 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/07/06 8:32 p.m.9 views

Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.3AI score
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/05 4:30 p.m.14 views

CVE-2026-14764

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/addevent.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55761

Name of the Vulnerable Software and Affected Versions code-projects Internship Management System version 1.0 Description An issue exists in the Employer Login Endpoint within the file employer/login.php. The manipulation of the email and password arguments allows for SQL injection, which is a...

7.5CVSS7.1AI score0.00263EPSS
Exploits0References12
Rows per page
Query Builder