Lucene search
+L

28 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-61502

CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...

5.1CVSS6.4AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities arise from the system’s testing entry point using File.realpath ...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in node-brace-expansion

A vulnerability was discovered in the juliangruber brace-expansion library, up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regula...

3.1CVSS4.7AI score0.00459EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/16 1:11 a.m.11 views

SUSE CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 3:17 a.m.28 views

CVE-2026-41645

CVE-2026-41645 affects Nuclei up to version 3.8.0, where the expression evaluation engine can be tricked by HTTP response-derived DSL expressions reused in multi-step templates. If -env-vars (-ev) is explicitly enabled, response data containing DSL expressions can expose host environment variable...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/02 8:31 p.m.7 views

EUVD-2026-18423

Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing...

4.8CVSS5.8AI score0.00179EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/31 10:32 p.m.11 views

acpx-teams (=0.1.0), arifos (>=2026.2.22 <=2026.4.16) +58 more potentially affected by CVE-2026-27124 via fastmcp (>=3.0.0 <=3.1.1)

fastmcp PYPI version =3.0.0, =2026.2.22, =2026.3.13, =1.0.0, =0.56.0, =0.1.0, =0.3.2, =0.2.0, =0.3.0, =1.1.0, =0.0.1, =0.1.0, =0.5.12b18, =0.5.12b19 - efn-mcp =0.1.0 and more Source cves: CVE-2026-27124 Source advisory: SNYK:PYTHON-FASTMCP-15871030...

8.2CVSS5.7AI score0.00207EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29125

Name of the Vulnerable Software and Affected Versions Botan versions 3.0.0 through 3.10.9 Description Botan is a C++ cryptography library. During X509 path validation, versions prior to 3.11.0 did not verify the signature of Online Certificate Status Protocol OCSP responses, only checking for an...

5.9CVSS5.9AI score0.00154EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/17 12:46 p.m.4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +39 more potentially affected by CVE-2026-28779 via apache-airflow-core (>=3.0.0 <=3.1.8)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =0.2.0, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =1.28.0rc1 and more Source cves: CVE-2026-28779 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674486...

7.5CVSS7AI score0.00677EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/27 3:20 a.m.8 views

com.github.psi-probe:psi-probe-tomcat10 (>=5.0.0 <=5.3.0), com.github.psi-probe:psi-probe-tomcat11 (>=5.0.0 <=5.3.0) +5 more potentially affected by CVE-2026-3270 via com.github.psi-probe:psi-probe-core (>=3.0.0 <=5.3.0)

com.github.psi-probe:psi-probe-core MAVEN version =3.0.0, =5.0.0, =5.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.3.0 Source cves: CVE-2026-3270 Source advisory: SNYK:JAVA-COMGITHUBPSIPROBE-15369739...

8.8CVSS6.5AI score0.00362EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/02/24 9:8 p.m.5 views

CVE-2026-25891

Fiber is an Express inspired web framework written in Go. A Path Traversal CWE-22 vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been...

8.7CVSS5.9AI score0.00618EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/15 3:31 p.m.13 views

Duplicate Advisory: Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mgx6-5cf9-rr43. This link is maintained to preserve external references. Original Description Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 throu...

7.6CVSS6.7AI score0.00299EPSS
Exploits3References6Affected Software1
NVD
NVD
added 2025/12/11 12:16 a.m.12 views

CVE-2025-67644

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.8CVSS0.02109EPSS
Exploits2References2
OSV
OSV
added 2025/12/10 11:37 p.m.13 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

7.3CVSS7.8AI score0.02109EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.14 views

PT-2025-42765

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0.0 through 3.0.13 Apache Syncope versions 4.0.0 through 4.0.1 Description Apache Syncope allows a malicious administrator to inject Groovy code that can be executed remotely by a running Apache Syncope Core instance...

9CVSS5.9AI score0.23107EPSS
Exploits0References29
vulnersOsv
vulnersOsv
added 2025/08/21 2:53 p.m.6 views

@hpcc-js/esbuild-plugins (>=1.4.2 <=1.4.9), @yangzw/bruce-app (>=1.3.7 <=1.3.8) +1 more potentially affected by CVE-2025-57753 via vite-plugin-static-copy (>=3.0.0 <=3.1.1)

vite-plugin-static-copy NPM version =3.0.0, =1.4.2, =1.3.7, =1.3.8 - auto-reveal =0.7.0 Source cves: CVE-2025-57753 Source advisory: OSV:GHSA-PP7P-Q8FX-2968...

6CVSS5.8AI score0.00394EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/05/30 6:43 a.m.9 views

cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE), cn.bctools:jvs-gateway (=1.1.0) +59 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=3.0.0 <=3.1.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =3.0.0, =1.0.0.RELEASE, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.0.0.Beta9, =1.1.0, =0.3.3, =1.1.1, =1.0.1, =1.0.4, =1.0.5 and more Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265481...

8.6CVSS7.5AI score0.0029EPSS
Exploits0
CNNVD
CNNVD
added 2025/01/25 12:0 a.m.9 views

Nuxt 安全漏洞

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.0.0 through versions prior to 3.15.3, which stems from a potential source code theft during development if a victim opens a malicious website...

5.3CVSS6.7AI score0.00325EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/12/23 5:54 p.m.4 views

a-api-server (=1.3.0), aau-ais-dipaal (>=0.1.22 <=0.1.29) +2287 more potentially affected by CVE-2024-56201 via jinja2 (>=3.0.0 <=3.1.4)

jinja2 PYPI version =3.0.0, =0.1.22, =1.0.2, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.3.0, =1.5.2, =1.5.6 and more Source cves: CVE-2024-56201 Source advisory: OSV:GHSA-GMJ6-6F8F-6699...

8.8CVSS7.1AI score0.00307EPSS
Exploits0
OSV
OSV
added 2024/03/13 4:15 p.m.7 views

CVE-2024-1763

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.0044EPSS
Exploits0References2
Rows per page
Query Builder