
57361 matches found

ATTACKERKB
added 2026/02/04 11:22 p.m., 5 views

CVE-2025-13192

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

8.2 CVSS, 5.8 AI score, 0.00399 EPSS
Exploits 0, References 8
NVD
added 2026/02/04 11:15 p.m., 7 views

CVE-2026-22038

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1 CVSS, 0.00433 EPSS
Exploits 1, References 2
OSV
added 2026/02/04 11:15 p.m., 5 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

5.4 CVSS, 5 AI score
Exploits 0, References 6
ATTACKERKB
added 2026/02/04 10:32 p.m., 5 views

CVE-2026-1894

A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper authorization. Remote exploitation of the atta...

6.5 CVSS, 6.1 AI score, 0.00236 EPSS
Exploits 0, References 7
Cvelist
added 2026/02/04 10:28 p.m., 31 views

CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1 CVSS, 0.00433 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/02/04 10:28 p.m., 4 views

CVE-2026-22038 AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and authentication secrets in plaintext using...

8.1 CVSS, 5.4 AI score, 0.00433 EPSS
Exploits 1, References 2
CVE
added 2026/02/04 10:28 p.m., 13 views

CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

8.1 CVSS, 5.4 AI score, 0.00433 EPSS
Exploits 1, References 2, Affected Software 1
NVD
added 2026/02/04 10:15 p.m., 5 views

CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.8 CVSS, 0.00393 EPSS
Exploits 1, References 2
OSV
added 2026/02/04 10:15 p.m., 4 views

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

5 CVSS, 4.8 AI score
Exploits 0, References 6
Vulnrichment
added 2026/02/04 10:2 p.m., 5 views

CVE-2026-1892 WeKan REST API boards.js setBoardOrgs improper authorization

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

5 CVSS, 4.8 AI score, 0.00241 EPSS
Exploits 0, References 6
Cvelist
added 2026/02/04 9:37 p.m., 28 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7 CVSS, 0.00393 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/02/04 9:37 p.m., 5 views

CVE-2026-25538

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2026/02/04 9:37 p.m., 4 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits 1, References 2
CVE
added 2026/02/04 9:37 p.m., 16 views

CVE-2026-25538

Devtron CVE-2026-25538 affects the open-source Devtron Kubernetes integration platform (versions up to 2.0.0). A vulnerability in the Attributes API interface allows any authenticated user to access /orchestrator/attributes?key=apiTokenSecret, exposing the global API Token signing key. With the k...

8.8 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits 1, References 2, Affected Software 1
OSV
added 2026/02/04 9:37 p.m., 5 views

CVE-2026-25538 Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

8.7 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits 1, References 4
OSV
added 2026/02/04 8:52 p.m., 7 views

USN-8015-2 linux-realtime, linux-realtime-6.8, linux-raspi-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8 CVSS, 6.7 AI score, 0.00391 EPSS
Exploits 2, References 4
Ubuntu
added 2026/02/04 8:52 p.m., 7 views

USN-8015-2: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - SMB network file system; - iouring subsystem; CVE-2025-38561, CVE-2025-39698, CVE-2025-40019...

8.8 CVSS, 8.3 AI score, 0.00391 EPSS
Exploits 2
Cvelist
added 2026/02/04 8:52 p.m., 24 views

CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and 7.8 on CP4D 5.1 do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service...

5.3 CVSS, 0.00293 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/02/04 8:52 p.m., 5 views

CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and 7.8 on CP4D 5.1 do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service...

5.3 CVSS, 5.7 AI score, 0.00293 EPSS
Exploits 0, References 1
CVE
added 2026/02/04 8:52 p.m., 12 views

CVE-2024-39724

CVE-2024-39724 pertains to IBM Db2 Big SQL on Cloud Pak for Data. The issue: insufficient throttling/limits on resource allocation allows an authenticated user with internal knowledge of the environment to cause a denial of service. Affected versions include 7.6 on CP4D 4.8, 7.7 on CP4D 5.0, and ...

5.3 CVSS, 5.7 AI score, 0.00293 EPSS
Exploits 0, References 1