
54 matches found

Nuclei
added 12 hours ago, 86 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS, 7.6 AI score, 0.03452 EPSS
Exploits: 0, References: 4

Veeam
added 2026/04/16 12:0 a.m., 40 views

Release Information for Veeam Backup for Microsoft 365 8.4

More Recent Version Available Please find the latest version of Veeam Backup for Microsoft 365 here: Veeam Downloads - Latest Version Build Numbers and Versions of Veeam Backup for Microsoft 365 Requirements This release can be used to: upgrade an existing v7, v8, v8.1, v8.2, or v8.3 deployment o...

5.7 AI score
Exploits: 0, Affected Software: 1

CNNVD
added 2026/04/16 12:0 a.m., 10 views

Luanti security vulnerability

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

8.1 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/03/26 3:10 p.m., 2 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9 CVSS, 6.2 AI score, 0.00278 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/25 7:38 a.m., 21 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9 CVSS, 0.00278 EPSS
Exploits: 0, References: 2

OSV
added 2026/03/09 8:16 p.m., 5 views

UBUNTU-CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6 CVSS, 5.9 AI score, 0.00428 EPSS
Exploits: 1, References: 7

NVD
added 2026/02/12 5:16 p.m., 6 views

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

7.5 CVSS, 0.00296 EPSS
Exploits: 0, References: 4

NVD
added 2025/12/17 9:16 p.m., 7 views

CVE-2025-43526

This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted...

9.8 CVSS, 0.00507 EPSS
Exploits: 0, References: 2

CVE
added 2025/12/17 8:46 p.m., 22 views

CVE-2025-43526

CVE-2025-43526 affects Apple macOS Tahoe < 26.2 and Safari

9.8 CVSS, 5.8 AI score, 0.00507 EPSS
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2025/12/17 8:46 p.m., 3 views

CVE-2025-43526

This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted...

5.6 AI score, 0.00507 EPSS
Exploits: 0, References: 2

Cvelist
added 2025/12/17 8:46 p.m., 23 views

CVE-2025-43526

This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted...

0.00507 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-2733

Malware in sbrugna...

6.8 CVSS, 7.8 AI score, 0.01054 EPSS
Exploits: 0, References: 16

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-15340

Malware in sbrugna...

6.5 CVSS, 7.9 AI score, 0.01278 EPSS
Exploits: 0, References: 10

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-6594

Malware in sbrugna...

7.5 CVSS, 7.4 AI score, 0.00425 EPSS
Exploits: 0, References: 2

Packet Storm News
added 2025/09/12 12:0 a.m., 5 views

Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity. Empirical results show that...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 3:52 p.m., 15 views

CVE-2020-14456

An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006...

7.5 CVSS, 7 AI score, 0.00425 EPSS
Exploits: 0

RedhatCVE
added 2025/02/05 6:25 a.m., 17 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS, 8.1 AI score, 0.03452 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2025/01/09 6:49 a.m., 12 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.7 CVSS, 6.7 AI score, 0.1307 EPSS
Exploits: 0, References: 8

NVD
added 2024/06/28 8:15 p.m., 48 views

CVE-2024-5827

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS, 0.03452 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/06/28 7:27 p.m., 16 views

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS, 8.1 AI score, 0.03452 EPSS
Exploits: 0, References: 1