
57420 matches found

ATTACKERKB
added 2026/01/28 8:11 p.m., 6 views

CVE-2026-24742

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/28 8:11 p.m., 30 views

CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...

CVSS 6.5 | EPSS 0.00255
Exploits: 0 | References: 1
NVD
added 2026/01/28 6:16 p.m., 7 views

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

CVSS 7.1 | EPSS 0.0042
Exploits: 1 | References: 3
UbuntuCve
added 2026/01/28 6:16 p.m., 2 views

CVE-2020-36968

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

CVSS 7.1 | AI score 5.9 | EPSS 0.0042
Exploits: 1 | References: 4
EUVD
added 2026/01/28 5:35 p.m., 7 views

EUVD-2020-30882

M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...

CVSS 7.1 | AI score 5.9 | EPSS 0.0042
Exploits: 1 | References: 3
RedHat Linux
added 2026/01/28 5:34 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.9 | AI score 6.8 | EPSS 0.02143
Exploits: 2 | References: 8
Snyk
added 2026/01/28 4:33 p.m., 5 views

Malicious Package

Overview: api-cache-worker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
Snyk
added 2026/01/28 3:49 p.m., 7 views

Operation on a Resource after Expiration or Release

Overview: Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the macaroon validation for cross-model authorization. An attacker can maintain unauthorized access to resources by crafting and submitting an invalid macaroon that is incorrectly...

CVSS 5.5 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 2
RedHat Linux
added 2026/01/28 3:32 p.m., 11 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it...

CVSS 8.9 | AI score 5.9 | EPSS 0.00622
Exploits: 0 | References: 6
RedHat Linux
added 2026/01/28 11:24 a.m., 10 views

urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

CVSS 8.9 | AI score 5.8 | EPSS 0.02667
Exploits: 0 | References: 6
GithubExploit
added 2026/01/28 9:36 a.m., 158 views

BurpSuitePro

Burp Suite Bambda Scripts - Vulnerability Testing Toolkit v2.0...

AI score 6
Exploits: 0
Snyk
added 2026/01/28 7:48 a.m., 8 views

Malicious Package

Overview: ern-picking2-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/01/28 7:48 a.m., 11 views

Malicious code in ern-picking2-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdd28d37200aac1cd5fc446acddca1c77227c48fbccf070f31a765422439184 The package ern-picking2-api was found to contain malicious code. Source: ghsa-malware 6d206018d9dd4cfb8e95bc0197ea0db4d442ee3b16f5209a2b452bc203dc8d...

AI score 5.8
Exploits: 0 | References: 1
OSV
added 2026/01/28 7:48 a.m., 6 views

MAL-2026-569 Malicious code in ern-picking2-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdd28d37200aac1cd5fc446acddca1c77227c48fbccf070f31a765422439184 The package ern-picking2-api was found to contain malicious code. Source: ghsa-malware 6d206018d9dd4cfb8e95bc0197ea0db4d442ee3b16f5209a2b452bc203dc8d...

AI score 5.8
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/28 6:43 a.m., 5 views

CVE-2026-0832 New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure

The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...

CVSS 7.3 | AI score 5.9 | EPSS 0.00323
Exploits: 0 | References: 7
RedhatCVE
added 2026/01/28 3:16 a.m., 12 views

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...

CVSS 8.7 | AI score 5.9 | EPSS 0.01566
Exploits: 1 | References: 1
SUSE CVE
added 2026/01/28 12:25 a.m., 6 views

SUSE CVE-2026-22987

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy. syzbot reported a crash in tc_act_in_hw during netns teardown where tcf_idrinfo_destroy passed an ERR_PTR(-EBUSY) value as a tc_action pointer, leading to an invalid...

CVSS 5.5 | AI score 5.8 | EPSS 0.00103
Exploits: 0 | References: 3
CNNVD
added 2026/01/28 12:00 a.m., 6 views

Tildeslash M/Monit Security Vulnerability

Tildeslash M/Monit is a server monitoring and management tool developed by Tildeslash Inc. Version 3.7.4 of Tildeslash M/Monit contains a security vulnerability. This vulnerability stems from an authentication flaw in the management API endpoints, which could lead to the retrieval of user passwor...

CVSS 7.1 | AI score 5.8 | EPSS 0.0042
Exploits: 1 | References: 3
Positive Technologies
added 2026/01/28 12:00 a.m., 8 views

PT-2026-5218

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.301.0. Description: An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint. This causes all database write operations to fail...

CVSS 4.9 | AI score 5.9 | EPSS 0.00348
Exploits: 1 | References: 9
Positive Technologies
added 2026/01/28 12:00 a.m., 10 views

PT-2026-5067

Name of the Vulnerable Software and Affected Versions: New User Approve plugin for WordPress versions up to and including 3.2.2. Description: The New User Approve plugin for WordPress is susceptible to unauthorized data access and modification. This is due to a missing capability check on multiple...

CVSS 7.3 | AI score 5.2 | EPSS 0.00323
Exploits: 0 | References: 12