Lucene search
K

4895 matches found

Nuclei
Nuclei
added yesterday478 views

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

7.5CVSS7AI score0.18245EPSS
Exploits16References4
OSV
OSV
added 4 days ago1 views

CVE-2026-55852 Frappe: TarSlip RCE in Package Import

Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was possible in Package Import because tarfile members were not sufficiently checked before extraction. This issue is fixed in versions 16.23.0 and 15.112.0...

8.6CVSS6.1AI score0.00457EPSS
Exploits0References11
OSV
OSV
added 4 days ago2 views

CVE-2026-55472 Snipe-IT: API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies Support and scopelocationsfmcs are enabled, the API location creation endpoint detects an invalid parent-child company mismatch but does not return immediately, allowing creation of a child location...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References5
CVE
CVE
added 4 days ago25 views

CVE-2026-55885

CVE-2026-55885 (Grav) : An authenticated admin with backup permissions can download a ZIP of the Grav installation via the backup/download endpoint, exposing sensitive data: admin.yaml with the administrator password hash and site configuration under user/config. The vulnerability stems from (1) ...

6.8CVSS6AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

ROOT-OS-DEBIAN-12-CVE-2025-61147 CVE-2025-61147 in rootio-libde265 - Patched by Root

Root has patched CVE-2025-61147 in the rootio-libde265 package for Root:Debian:12. Multiple fixed versions available...

6.2CVSS5.9AI score0.00159EPSS
Exploits1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42629

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score0.00273EPSS
Exploits1References4
OSV
OSV
added 6 days ago14 views

ROOT-APP-PYPI-CVE-2026-42311 CVE-2026-42311 in rootio-pillow - Patched by Root

Root has patched CVE-2026-42311 in the rootio-pillow package for Root:PyPI. Multiple fixed versions available...

7.8CVSS5.8AI score0.0015EPSS
Exploits0
OSV
OSV
added last week5 views

CVE-2026-58266 Anki: User scripts in iframes have access to the internal Anki API

Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and edito...

6.5CVSS6AI score0.00169EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-55592

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy...

3.9CVSS6AI score0.00255EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 3:11 a.m.4 views

CVE-2026-34152 Coolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS6.1AI score0.00372EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:5 a.m.6 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/07 2:56 a.m.5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 9:35 p.m.7 views

EUVD-2026-41153

Craft CMS: Stored XSS via Structure entry title in table view...

5.9CVSS5.9AI score0.00412EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:16 p.m.4 views

DEBIAN-CVE-2026-50134

Hugo is a static site generator. From 0.91.0 until 0.162.0, resources.GetRemote enforces security.http.urls on the URL it is called with, but it did not re-validate intermediate URLs on HTTP 3xx redirects. An allowed server or an attacker controlling its DNS or response could therefore redirect t...

5.8CVSS5.9AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 1:15 p.m.8 views

ROOT-OS-DEBIAN-12-CVE-2023-49463 CVE-2023-49463 in rootio-libheif - Patched by Root

Root has patched CVE-2023-49463 in the rootio-libheif package for Root:Debian:12. Multiple fixed versions available...

8.8CVSS5.4AI score0.00768EPSS
Exploits1
OSV
OSV
added 2026/07/06 3:50 a.m.11 views

ROOT-OS-DEBIAN-13-CVE-2026-23379 CVE-2026-23379 in rootio-linux - Patched by Root

Root has patched CVE-2026-23379 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.9AI score0.00119EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:50 a.m.9 views

ROOT-OS-DEBIAN-13-CVE-2026-23340 CVE-2026-23340 in rootio-linux - Patched by Root

Root has patched CVE-2026-23340 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

7.8CVSS5.9AI score0.00135EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:50 a.m.6 views

ROOT-OS-DEBIAN-13-CVE-2025-68322 CVE-2025-68322 in rootio-linux - Patched by Root

Root has patched CVE-2025-68322 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.4AI score0.00169EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:50 a.m.7 views

ROOT-OS-DEBIAN-13-CVE-2026-46330 CVE-2026-46330 in rootio-linux - Patched by Root

Root has patched CVE-2026-46330 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

7.8CVSS5.3AI score0.00112EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:50 a.m.3 views

ROOT-OS-DEBIAN-13-CVE-2026-23285 CVE-2026-23285 in rootio-linux - Patched by Root

Root has patched CVE-2026-23285 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.9AI score0.00122EPSS
Exploits0
Rows per page
Query Builder