Lucene search
K

135 matches found

EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40112

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS5.8AI score0.00258EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-55583

Twenty, before version 2.9.0, is affected by a cross-workspace insecure direct object reference in the AI agent monitor’s Resolver (agent-turn.resolver.ts). The query paths agentTurns(agentId) and evaluateAgentTurn(turnId) retrieved rows by agentId or id without restricting workspaceId, and guard...

7.6CVSS5.9AI score0.00191EPSS
Exploits0References1
Patchstack
Patchstack
added last week4 views

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme ListingPro versions = 2.9.11...

6.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine when using Ansible Vault to edit encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secrets. This occurs because the secrets are created in a temporary file using mkstemp, and after the fil...

4.7CVSS6.6AI score0.00374EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP affected by this issue lack input length validation in the “drive” channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been...

4.6CVSS5.9AI score0.00719EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37624

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS5.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 8:19 p.m.9 views

EUVD-2026-36899

Unauthenticated Sensitive Data Exposure in Affiliates Manager = 2.9.50 versions...

7.5CVSS5.2AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 4:17 a.m.8 views

CVE-2026-26237

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS0.00322EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:20 a.m.8 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:6 a.m.8 views

CVE-2026-26236 QuMagie

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:16 p.m.7 views

CVE-2026-44847

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/26 8:16 p.m.35 views

CVE-2026-44847 MaxKB: Webhook Trigger Authentication Bypass

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...

7.5CVSS0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 8:14 p.m.35 views

CVE-2026-45412 MaxKB: Unauthenticated SSRF via Workflow Template Import

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:14 p.m.6 views

CVE-2026-45412

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...

6.3CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.15 views

PT-2026-43406

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force hashcat. This vulnerability is fixed in 2.9.1...

6.9CVSS5.8AI score0.00083EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 7:44 a.m.16 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.9.4

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.9.4 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.9.4 release that simplify the process of...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/18 3:35 p.m.15 views

eduMFA: Unauthenticated Failcounter Increment on Resolver Tokens via /validate/check

Impact If the resolver parameter is passed, but the user does not exist, all failcounters of tokens in that resolver will be increased. Patches This, along with other issues, was fixed in eduMFA v2.9.1. Workarounds Limiting access to /validate/check to client applications i.e. Shibboleth/FreeRADI...

5.7AI score
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/12 6:17 p.m.13 views

CVE-2026-44183

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

9.8CVSS0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:33 p.m.33 views

CVE-2026-44184 Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

8CVSS0.0012EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017422 advisory. A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References4
Rows per page
Query Builder