Lucene search
+L

18652 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago44 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-61613

Cursor: Cloud Agent browser sandbox escape where attacker-controlled web content inside the agent container could reach an unauthenticated local agent endpoint, allowing code execution and access to files, repository contents, environment variables, credentials, and GitHub App tokens. Fixed 2026-...

7.7CVSS6.4AI score0.00388EPSS
Exploits0References1
F5 Networks
F5 Networks
added 4 days ago18 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score0.0083EPSS
Exploits1
F5 Networks
F5 Networks
added 4 days ago16 views

K000161971: NGINX Agent vulnerability CVE-2026-60062

Security Advisory Description The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A...

6.4CVSS5.8AI score0.00197EPSS
Exploits0Affected Software2
SUSE Linux
SUSE Linux
added 4 days ago7 views

Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provid

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls fixes the...

9.1CVSS6.8AI score0.04561EPSS
Exploits3References164
OSV
OSV
added 4 days ago3 views

SUSE-SU-2026:3056-1 Security update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider-local, terraform-provider-null, terraform-provider-random, terraform-provider-tls fixes the...

10CVSS6.8AI score0.04561EPSS
Exploits3References85
NCSC
NCSC
added 4 days ago15 views

Vulnerabilities exist in several Fortinet products

Fortinet has identified vulnerabilities in several versions of FortiSIEM Windows Agent and general product versions, FortiOS, FortiPAM, and FortiProxy. One vulnerability exists in the FortiSIEM Windows Agent versions 7.4.0 through 7.4.1 with the identifier CVE-2026-59841. This vulnerability allow...

7.5CVSS6.2AI score0.00291EPSS
Exploits0References4
NVD
NVD
added 4 days ago10 views

CVE-2026-61435

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS0.00384EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago9 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS6.8AI score0.00476EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-61435

PraisionAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The localhost-only restriction is derived from request.url.hostname via the client-controlled Host h...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 4 days ago5 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS0.00384EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-44641

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS0.00351EPSS
Exploits0References2
OSV
OSV
added 4 days ago5 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS6.2AI score0.00351EPSS
Exploits0References4
GithubExploit
GithubExploit
added 4 days ago40 views

Exploit for CVE-2025-60357

CVE-2025-60357- NoSQLMongoDB Injection Vulnerab...

6.1AI score0.00401EPSS
Exploits1
EUVD
EUVD
added 5 days ago14 views

EUVD-2026-37897

Woodpecker gRPC agentid metadata can be spoofed- cross-tenant agent impersonation...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References6
NVD
NVD
added 5 days ago5 views

CVE-2026-47632

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network...

8.8CVSS0.00313EPSS
Exploits0References1
Rows per page
Query Builder