18196 matches found

Positive Technologies
added 5 days ago, 10 views

PT-2026-53303

Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal version 2026.2.0 Description An information disclosure issue exists in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable, potentially higher-privileged authentication...

6.5 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits: 0, References: 4

NVD
added 6 days ago, 10 views

CVE-2026-13511

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to...

3.1 CVSS, 0.0022 EPSS
Exploits: 0, References: 7

Cvelist
added 6 days ago, 27 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5 CVSS, 0.00165 EPSS
Exploits: 0, References: 7

CVE
added 6 days ago, 13 views

CVE-2026-13508

Affects khoj-ai khoj versions up to 2.0.0-beta.28; vulnerable component is the Conversation Sharing Handler in src/khoj/routers/api_chat.py, where manipulation of conversation.agent leads to incorrect authorization. The issue enables remote exploitation (exploit published) with attack vector over...

6.5 CVSS, 5.6 AI score, 0.00165 EPSS
Exploits: 0, References: 7

Nuclei
added 6 days ago, 19 views

Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default, Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp. When an attacker downloads a client...

10 CVSS, 7.5 AI score, 0.85619 EPSS
Exploits: 1, References: 5

Chainguard
added 6 days ago, 9 views

CVE-2026-48496 vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

5.9 AI score, 0.00017 EPSS
Exploits: 0

Chainguard
added 6 days ago, 5 views

GHSA-F2R5-5M7W-P5CX vulnerabilities

Vulnerabilities for packages: elastic-agent, elastic-agent-fips...

5.9 AI score
Exploits: 0

Positive Technologies
added 6 days ago, 10 views

PT-2026-53164

Name of the Vulnerable Software and Affected Versions khoj-ai khoj versions prior to 2.0.0-beta.29 Description A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api_chat.py allows for incorrect authorization. This occurs through the manipulation of the...

6.5 CVSS, 6 AI score, 0.00165 EPSS
Exploits: 0, References: 11

Microsoft CVE
added 2026/06/27 8:07 a.m., 13 views

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

...

7.4 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 0

Tenable Nessus
added 2026/06/27 12:00 a.m., 6 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2665-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2665-1 advisory. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header...

10 CVSS, 7.4 AI score, 0.01557 EPSS
Exploits: 1, References: 44

Chainguard
added 2026/06/26 8:22 p.m., 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: argo-workflows-fips, fscrypt, external-dns, flux-source-controller, loki, flux-image-automation-controller, kots, frankenphp-8.2, terraform, prometheus-fips, gitlab-kas, tekton-pipelines-fips, reports-server, prometheus-elasticsearch-exporter, seaweedfs-rocksdb-fips,...

5.9 AI score
Exploits: 0

Wolfi
added 2026/06/26 8:22 p.m., 6 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: cloud-provider-aws, knative-serving, aactl, kubernetes, flux-image-automation-controller, gitea, kots, minio, zarf, kyverno, argo-cd, zot, kubescape, istio, kubernetes-dashboard, telegraf, fscrypt, gitlab-kas, external-dns, snyk-cli, containerd,...

5.9 AI score
Exploits: 0

Wolfi
added 2026/06/26 8:22 p.m., 5 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: cloud-provider-aws, knative-serving, aactl, kubernetes, kots, minio, kyverno, argo-cd, zot, istio, kubernetes-dashboard, telegraf, buildah, fscrypt, gitlab-kas, external-dns, snyk-cli, containerd, opentelemetry-collector, prometheus-operator, vitess, cert-manager,...

5.9 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/06/26 6:24 p.m., 5 views

Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9 AI score
Exploits: 0, References: 2

OSV
added 2026/06/26 6:24 p.m., 5 views

MAL-2026-6531 Malicious code in @appupdate/cdn-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 445a7b613694730e29915d732e3df0700d145622b279b62b0a141c76211e6f14 Package @appupdate/cdn-sync ships as a thin koffi wrapper around prebuilt Go cgo native libraries 12MB linux.so, 11MB darwin.dylib for x64/arm64. The...

5.9 AI score
Exploits: 0, References: 2

OSV
added 2026/06/26 4:32 p.m., 2 views

GHSA-PR7J-96CJ-549H Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API

Fluentd's Monitor Agent plugin in_monitor_agent exposes internal metrics and plugin information via a REST API. It was discovered that the API response /api/plugins.json and related endpoints unintentionally includes internal instance variables of loaded plugins. If any plugins store sensitive...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 3

OSV
added 2026/06/26 2:05 p.m., 2 views

SUSE-SU-2026:2665-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260264. - CVE-2026-39821: Update golang.org/x/net/idna dependency bsc1266603. - CVE-2026-39827: Update...

10 CVSS, 7.3 AI score, 0.01557 EPSS
Exploits: 1, References: 26

OSV
added 2026/06/26 8:51 a.m., 4 views

BIT-NODE-MIN-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7 CVSS, 6.1 AI score, 0.00359 EPSS
Exploits: 1, References: 4

OSV
added 2026/06/26 8:51 a.m., 4 views

BIT-NODE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is sent before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits: 1, References: 4

NVD
added 2026/06/26 5:16 a.m., 7 views

CVE-2026-8797

An access control deficiency vulnerability exists in ExpressUpdate Agent for Windows. If a malicious user gains access to the product, arbitrary code could be executed with SYSTEM privileges...

8.5 CVSS, 0.00122 EPSS
Exploits: 0, References: 1