Lucene search
K

243 matches found

NVD
NVD
added yesterday9 views

CVE-2026-58166

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS
Exploits0References4
NVD
NVD
added 3 days ago10 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
CVE
CVE
added 3 days ago12 views

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

3.1CVSS5.1AI score0.00228EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Python-Werkzeug

Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

3.5CVSS6.2AI score0.00507EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49004

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The getRedirectURL function in oauth2.go constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path without validating the Host header. This allows...

6.8CVSS5.2AI score0.00234EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/05 9:44 p.m.11 views

EUVD-2026-31860

Bugsink: Project scoping missing in sourcemap and debug-file lookup...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 9:43 p.m.12 views

EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.7 views

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 3:19 p.m.14 views

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.37 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

4.3CVSS0.00131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 9:29 p.m.16 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.0 Release.

Red Hat OpenShift Dev Spaces 3.28.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.28 release is based on...

10CVSS7AI score0.0115EPSS
Exploits20References41
CVE
CVE
added 2026/05/27 9:49 a.m.18 views

CVE-2026-42729

CVE-2026-42729 documents a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress PropertyHive plugin, specifically in versions &lt;= 2.2.2. The root cause is described as improper neutralization of input during web page generation. Affected product: PropertyHive (WordPress plugin); ...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 5:31 a.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the UERadioCapabilityCheckResponse function in the dispatcher.go file. An attacker can cause a denial of service by sending specially crafted remote requests that trigger a null pointer dereference...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 4:16 a.m.34 views

CVE-2026-8783

A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference. The attack can be executed remotely. The exploit has been disclosed publicl...

5.3CVSS0.00398EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/18 3:47 a.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made available to the...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:45 a.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be us...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:45 a.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer dereference. The attack may be launched remotely. The exploit has been released to the public and may be us...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:42 a.m.6 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:42 a.m.5 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the NGSetupRequest function in the ngap/handler.go file when processing the InformationElement argument. An attacker can cause memory corruption by sending specially crafted requests remotely. Remediation Upgrade...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References2
Rows per page
Query Builder