Lucene search
K

199 matches found

CVE
CVE
added yesterday8 views

CVE-2026-15522

The CVE-2026-15522 entry concerns the tugcantopaloglu godot-mcp package, version 2.0.0. Affected is the function validatePath in build/index.js (component run_project); manipulating the argument projectPath enables path traversal. Exploitation requires local access, and a public exploit has been ...

5.3CVSS5.9AI score0.00137EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-15192 mettle sendportal APIv1 Webhooks mailjet missing authentication

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
NVD
NVD
added 6 days ago9 views

CVE-2026-59928

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown document containing many repeated or distinct reference-link definitions causes quadratic work in src/mistune/blockparser.py and the reflinks environment dictionary handling, allowing denial of service...

7.5CVSS0.00366EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/02 11:15 a.m.7 views

EUVD-2026-41302

Subscriber Broken Access Control in Booked = 3.0.0 versions...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/26 4:30 p.m.7 views

CVE-2026-55686

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

5.3CVSS5.8AI score0.00317EPSS
Exploits1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-52700

Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...

8.5CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 2:16 p.m.16 views

CVE-2026-38581

SQL Injection vulnerability in damasac thaipalliativelte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php line 14 and the id parameter line 49. The parameters are concatenated directly into SQL queries without...

9.8CVSS0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 2:47 p.m.32 views

CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 5:31 a.m.24 views

CVE-2026-8898

CVE-2026-8898 concerns the WordPress plugin Events In City with versions up to and including 3.0. The vulnerability is a Stored Cross-Site Scripting issue arising from insufficient input sanitization and output escaping in the org_event_scode() function, where user-supplied shortcode attributes (...

6.4CVSS6AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:58 p.m.32 views

CVE-2026-42782

CVE-2026-42782 affects Apache Syncope 3.0–3.0.16, 4.0–4.0.5, and 4.1.0, caused by improper isolation that lets an administrator with sufficient entitlements load a malicious Groovy class whose static initializer reaches a non-sandboxed execution path. Remediation is to upgrade to 4.0.6 or 4.1.1, ...

7.2CVSS6AI score0.00652EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.7 views

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.9AI score0.00499EPSS
Exploits0References10
OSV
OSV
added 2026/04/01 9:5 a.m.6 views

CLEANSTART-2026-EB74978 Security fixes for CVE-2020-8912, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.0.2-r0, 3.0.2-r1

Multiple security vulnerabilities affect the grafana-mimir package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.1AI score0.01557EPSS
Exploits3References19
NVD
NVD
added 2026/03/28 1:16 p.m.8 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function issqlquerysafe of the file pandasai/helpers/sqlsanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9CVSS0.0055EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/09 12:0 a.m.11 views

DoraCMS 路径遍历漏洞

DoraCMS is an open-source application developed by DoraCMS. It is a content management system built using Nodejs, eggjs, and MongoDB. Version 3.0.x of DoraCMS has a path traversal vulnerability. This vulnerability stems from incorrect operations on the createFileBypath function in the...

9.8CVSS6.6AI score0.00656EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.5 views

CVE-2026-26416

An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests...

8.8CVSS5.9AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 8:11 p.m.10 views

CVE-2026-28410

CVE-2026-28410 affects The Graph protocol. Prior to v3.0.0, token vesting contracts contained a flaw enabling early access to tokens that should remain locked; the issue has been patched in v3.0.0. Connected sources confirm affected versions are before 3.0.0 and indicate remediation via upgrade t...

8.1CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/05 7:16 p.m.21 views

CVE-2026-26417

A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests...

8.1CVSS0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 7:16 p.m.9 views

CVE-2026-26418

Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network...

7.5CVSS0.00411EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

Tata Consultancy Services Cognix Recon Client 安全漏洞

Tata Consultancy Services Cognix Recon Client is a financial reconciliation software developed by Tata Consultancy Services in India. Version 3.0 of Tata Consultancy Services Cognix Recon Client contains a security vulnerability. This vulnerability stems from the lack of authentication and...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.11 views

Tata Consultancy Services Cognix Recon Client 安全漏洞

Tata Consultancy Services Cognix Recon Client is a financial reconciliation software developed by Tata Consultancy Services in India. Version 3.0 of Tata Consultancy Services Cognix Recon Client contains a security vulnerability. This vulnerability stems from an access control flaw in the passwor...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder