Lucene search
K

1549 matches found

CVE
CVE
added 11 hours ago8 views

CVE-2026-44767

The CVE-2026-44767 issue arises from setThemeRoot() not enforcing the sap-allowed-theme-origins allowlist, allowing an attacker-controlled absolute cross-origin URL to be stored and used in a element even without a sap-allowed-theme-origins meta tag. The same bypass is reachable via the ?sap-the...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago9 views

CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday23 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS6.3AI score0.36503EPSS
Exploits7References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42899

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files,...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
CVE
CVE
added 4 days ago7 views

CVE-2026-61434

CVE-2026-61434 involves PraisonAI prior to version 4.6.78, where an allowlist bypass in shell command execution enables attackers to abuse find’s built-in -exec, -execdir, and -delete actions. By crafting find commands that use these actions, an attacker can read blocked files, delete files, or r...

8.8CVSS6.3AI score0.00579EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-9838

The CVE-2026-9838 entry concerns the ICS Calendar plugin for WordPress. It describes a Reflected Cross-Site Scripting (XSS) vulnerability via the htmltagtitle parameter in all versions up to and including 12.0.9. The root cause is insufficient input sanitization and output escaping, with exploita...

6.1CVSS6.2AI score0.00296EPSS
Exploits0References10
NVD
NVD
added 4 days ago7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15319 Sipeed PicoClaw Launcher access_control.go IPAllowlist access control

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
CVE
CVE
added 4 days ago9 views

CVE-2026-15319

The CVE-2026-15319 entry concerns Sipeed PicoClaw up to version 0.2.9, where the IPAllowlist function in web/backend/middleware/access_control.go within the Launcher component can be manipulated, leading to improper access controls. This vulnerability is exploitable remotely, and public disclosur...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
NVD
NVD
added 4 days ago5 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS6.1AI score0.00646EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS6AI score0.00475EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References4
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42140

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References6
CVE
CVE
added 6 days ago14 views

CVE-2026-55431

Coder prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 is vulnerable to session-token leakage via coder open app for external workspace apps. The CLI opens external workspace-app URLs without validating scheme/host, and if a URL contains the placeholder $SESSION_TOKEN, the token is substitute...

7.7CVSS6AI score0.00336EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS0.00336EPSS
Exploits0References6
OSV
OSV
added 6 days ago6 views

CVE-2026-55431 Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the...

7.7CVSS6AI score0.00336EPSS
Exploits0References8
Snyk
Snyk
added last week5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 10:16 a.m.18 views

CVE-2026-33264

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS0.01649EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 9:20 a.m.37 views

CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

0.01649EPSS
Exploits0References3
Rows per page
Query Builder