Lucene search
K

2836 matches found

EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-43559

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-43544

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS6.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday26 views

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8CVSS7AI score0.06765EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday129 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.2AI score0.03452EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in polygon-gama-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in polygon-gamma-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49bd3ddb3340e0ef3c76465b6e275d45ddc8eecdbd742747acde8588a2018b4 [email protected] advertises itself as a 'TypeScript SDK for the Polymarket CLOB API' but ships no Polymarket API surface. The exported...

6.1AI score
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42811

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS0.00099EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in polymarket-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in polymarket-trader-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54436b6dea3d66e295c1ca82184b4f4b904d8441a68e77845f37cbb039c5f3c9 [email protected] advertises itself as a Polymarket trading helper but its main entry is a remote code loader. The default-exported...

6.6AI score
Exploits0References3
RedHat Linux
RedHat Linux
added last week14 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week8 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/06 2:55 p.m.32 views

[SECURITY] Fedora 44 Update: rust-wayland-scanner-0.31.10-3.fc44

Wayland Scanner for generating rust APIs from XML wayland protocol files...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...

7.5CVSS6AI score0.00353EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40640

Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00201EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:38 p.m.165 views

CVE-2026-13952

CVE-2026-13952 describes an inappropriate implementation in Chrome's PerformanceAPIs prior to 150.0.7871.47, allowing a remote attacker to leak cross-origin data through a crafted HTML page. The issue affects Google Chrome (Chromium-based). The vulnerability’s root cause is an insecure data expos...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.27 views

CVE-2026-13952

Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00201EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5402 SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel

SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel...

7.2CVSS5.9AI score0.00207EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:53 p.m.6 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder