Lucene search
K

141 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 2:13 p.m.11 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:13 p.m.42 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44016

Name of the Vulnerable Software and Affected Versions Jenkins AppSpider Plugin versions prior to 1.0.18 Description A missing permission check in a method implementing form validation allows users with Overall/Read permissions to trigger a connection to an attacker-specified URL. Recommendations...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 10:1 p.m.56 views

CVE-2026-45298

Dozzle CVE-2026-45298 describes a pre-auth SSRF in default deployments. Before version 10.5.2, POST /api/notifications/test-webhook accepts an attacker-controlled URL and headers, forwards them to a WebhookDispatcher, and returns the downstream response status code plus up to 1 MB of the response...

8.6CVSS5.9AI score0.01491EPSS
Exploits1References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:36 p.m.13 views

Malicious code in express-enrouten-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/21 9:0 p.m.9 views

MAL-2026-4664 Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2026/05/19 3:53 p.m.14 views

EUVD-2026-30956

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 7:25 p.m.9 views

MAL-2026-3749 Malicious code in @webapp-next/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbad3803cdda40845fe2aa64e0963b9293f9ee523b3f9205a354da2ae1e317bf package.json declares "preinstall": "node index.js", which runs automatically on npm install. index.js collects os.hostname, os.platform, os.arch,...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/14 3:1 a.m.29 views

SUSE CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

5.4CVSS5.7AI score0.00181EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40548

Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description SillyTavern is a locally installed user interface for interacting with large language models, image generation engines, and text-to-speech voice models. The corsProxyMiddleware function forwards...

6.9CVSS5.8AI score0.00375EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 2:27 p.m.36 views

CVE-2026-41487 Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

5.3CVSS0.00181EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/08 2:27 p.m.13 views

CVE-2026-41487 Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

5.3CVSS5.7AI score0.00181EPSS
Exploits0References6
CVE
CVE
added 2026/04/29 1:31 p.m.23 views

CVE-2026-42522

The vulnerability CVE-2026-42522 affects Jenkins’ GitHub Branch Source Plugin (versions including 1967.vdea_d580c1a_b_a_ and earlier). The root cause is a missing permission check that permits attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified GitHub App ...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.31 views

CVE-2026-42522

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdead580c1aba and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-35916

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea d580c1a b a and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials...

4.3CVSS5.2AI score0.00184EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32399

ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 3:53 p.m.16 views

CVE-2026-35578

...

0.00043EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/06 9:33 p.m.4 views

CVE-2026-35411 Directus is an Open Redirect in Admin 2FA Setup Page

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication 2FA visits a...

4.3CVSS5.9AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:22 p.m.3 views

CVE-2026-35404

Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

6.1CVSS5.8AI score0.00223EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30739

Name of the Vulnerable Software and Affected Versions Open edX Platform affected versions not specified Description The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...

6.1CVSS5.8AI score0.00223EPSS
Exploits1References6
Rows per page
Query Builder