Lucene search
+L

4987 matches found

EUVD
EUVD
added 2026/06/30 6:44 p.m.8 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits2References5
OSV
OSV
added 2026/06/30 6:44 p.m.4 views

CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.3CVSS6.8AI score0.00938EPSS
Exploits2References8
EUVD
EUVD
added 2026/06/30 3:56 p.m.8 views

EUVD-2026-40356

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
Nvidia
Nvidia
added 2026/06/30 12:0 a.m.8 views

Security Bulletin: NVIDIA AIStore Framework - June 2026

NVIDIA has released a software update for NVIDIA® AIStore™ framework. To protect your system, download and install the latest version of the NVIDIA AIStore framework. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update...

9.8CVSS5.8AI score0.00842EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/29 5:20 p.m.9 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.10 views

PYSEC-2026-254 AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS7.4AI score0.00953EPSS
Exploits1References8
Nuclei
Nuclei
added 2026/06/28 3:8 p.m.19 views

dotCMS Core Publish Audit API - Unauthenticated SQL Injection

dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...

10CVSS6AI score0.01584EPSS
Exploits1References3
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References9
OSV
OSV
added 2026/06/26 7:40 p.m.3 views

CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39744

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.40 views

CVE-2026-57628 WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS0.00279EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.18 views

CVE-2026-57628

CVE-2026-57628 : Concrete details across connected sources show an Admin SQL Injection vulnerability in the WordPress WP All Import plugin, versions

7.6CVSS5.8AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-54837 WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.13 views

CVE-2026-54837

The WordPress plugin All-In-One Intranet (Intranet & Private Site) &lt;= 1.8.1 exposes unauthenticated Broken Access Control. Affected software is the All-In-One Intranet WordPress plugin (version

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39680

Unauthenticated Broken Access Control in Intranet & Private Site All-In-One Intranet = 1.8.1 versions...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:18 p.m.8 views

WordPress WP All Import plugin <= 4.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP All Import versions = 4.0.1...

7.6CVSS5.8AI score0.00279EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/26 10:41 a.m.7 views

CVE-2026-13325 Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 10:41 a.m.21 views

CVE-2026-13325

The CVE-2026-13325 issue affects KubeVirt’s migration proxy. When spec.configuration.migrations.disableTLS is set to true, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener ...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.25 views

PT-2026-52799

Administrator SQL Injection in WP All Import = 4.0.1 versions...

7.6CVSS5.8AI score0.00279EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.28 views

PT-2026-53018

Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.1 Description LinkifyIt.prototype.match, the primary public API of the library, exhibits ON² algorithmic complexity when processing inputs containing numerous fuzzy links or emails. This occurs because the...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References5
Rows per page
Query Builder