Lucene search
K

575651 matches found

CVE
CVE
added 1 hour ago13 views

CVE-2026-54458

WWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-Site Scripting vulnerability in the YPTSocket plugin. Any unauthenticated remote attacker can execute arbitrary JavaScript in the authenticated origin of every administrator currently viewing a page th...

9.6CVSS6.3AI score
Exploits0References2
CVE
CVE
added 1 hour ago8 views

CVE-2026-55445

Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...

9.3CVSS6.1AI score
Exploits0References3
CVE
CVE
added 1 hour ago9 views

CVE-2026-55234

Wekan (open source Kanban on Meteor) has a cross-board write flaw in versions before 9.37. The DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js validate only the stored boardId and do not verify a new boardId in the update mod...

8.5CVSS6.1AI score
Exploits0References3
CVE
CVE
added 1 hour ago4 views

CVE-2026-52892

Summary: CVE-2026-52892 affects Wekan, an open‑source Kanban app built on Meteor. Before version 9.32, REST handlers in server/models/customFields.js checked read‑level access (Authentication.checkBoardAccess) for mutating custom-field routes, instead of write‑level access (Authentication.checkBo...

6.5CVSS6.1AI score0.00049EPSS
Exploits0References3
CVE
CVE
added 1 hour ago17 views

CVE-2026-50182

Summary (CVE-2026-50182) WWBN AVideo (API + YouTubeAPI + Layout plugins) is affected. Versions prior to 29.0 contain an unauthenticated Reflected XSS via the $_GET['search'] parameter used in the YouTubeAPI gallery pagination. The payload is injected into the hrefs of the previous/next page links...

6.1CVSS6.3AI score0.00094EPSS
Exploits0References2
CVE
CVE
added 1 hour ago6 views

CVE-2026-62361

CVE-2026-62361 affects listmonk prior to version 6.2.0. The vulnerability arises in the GET /api/subscribers/export endpoint, which injects a user-controlled query parameter into QuerySubscribersForExport without calling validateQueryTables, unlike GET /api/subscribers. An authenticated user with...

5.5CVSS6.2AI score
Exploits0References3
CVE
CVE
added 2 hours ago6 views

CVE-2026-62312

CVE-2026-62312 affects 9Router, an AI router & token saver. Before v0.5.2, an authenticated remote attacker can achieve arbitrary code execution on the host by abusing a Host header bypass of localhost-only routes in combination with unvalidated MCP plugin arguments passed to child_process.spawn(...

8.8CVSS6.5AI score
Exploits0References3
CVE
CVE
added 2 hours ago5 views

CVE-2026-56679

9Router (AI router & token saver) contains a mass-assignment vulnerability in PATCH /api/settings prior to version 0.5.4. The endpoint writes the entire request body to persistent settings without a field whitelist, enabling an authenticated user to modify security-critical fields such as require...

8.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago15 views

CVE-2026-54052

n8n-MCP (HTTP mode with multi-tenancy enabled via ENABLE_MULTI_TENANT=true) is affected prior to version 2.56.1. An authenticated tenant could read and delete other tenants’ workflow version backups, including full node definitions, credential references, and authorization headers, due to backups...

9.9CVSS6.1AI score0.00043EPSS
Exploits0References2
CVE
CVE
added 2 hours ago5 views

CVE-2026-55399

CVE-2026-55399 affects the Secure Access publisher prior to version 14.55. It is a resource-exhaustion vulnerability where attackers with valid credentials to the Secure Access tunnel can trigger a non-persistent DoS against the publisher. CVSS v4.0 base score is 5.1 (Medium), with network attack...

5.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-52870

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. From 1.23.0 until 1.27.2, default handlers installed by server.experimental.enabletasks for tasks/list, tasks/get, tasks/result, and tasks/cancel operate only on task identifiers without recordin...

7.6CVSS0.00043EPSS
Exploits0References4
CVE
CVE
added 2 hours ago6 views

CVE-2026-55398

CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a non-persistent DoS on the server. CVSS v4 base score 6.9 (Medium) with network attack, low complexit...

6.9CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40956

CVE-2026-40956 is a memory disclosure vulnerability in Secure Access client versions prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can cause a small amount of random memory to leak...

2.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40958

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.3CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40957

o CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator...

6.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-33443

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS
Exploits0References1
Rows per page
Query Builder