Lucene search
K

14318 matches found

Nuclei
Nuclei
added 11 hours ago90 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
NVD
NVD
added 17 hours ago6 views

CVE-2026-44747

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS
Exploits0References2
CVE
CVE
added 18 hours ago16 views

CVE-2026-58233

Summary: CVE-2026-58233 affects SAP Change and Transport System Attach Tool (ctsattach). An authenticated attacker can supply a specially crafted archive that, when processed by the application’s library, triggers insecure deserialization and remote code execution (RCE). Exploitation requires the...

7.6CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 18 hours ago7 views

CVE-2026-44747 Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS
Exploits0References2
EUVD
EUVD
added 18 hours ago6 views

EUVD-2026-43586

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-6850

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-6850 Crafted message attachment causes client-side denial of service via markdown parser regex backtracking in Mattermost

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate the length and content of message attachment field values, which allows an authenticated attacker to cause a denial of service for all users in a channel via a post containing a specially crafted payload tha...

6.5CVSS0.00235EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-6850

Mattermost is affected (versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x

6.5CVSS6.1AI score0.00235EPSS
Exploits0References1Affected Software1
CVE
CVE
added 4 days ago10 views

CVE-2026-55474

Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...

7.1CVSS6.2AI score0.00329EPSS
Exploits0References4Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-59190

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS0.00215EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-56676

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS0.00154EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-56676 9router: Image prefetch DNS rebinding allows SSRF to internal services

9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host before fetching, but open-sse/translator/concerns/image.js performs the later server-side image fetch with a separate DNS resolution. An authenticated attacker with access to the LLM proxy ca...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42905

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile method validates only the file extension and never invokes Security::sanitizeSVG, so an authenticated attacker with t...

5.1CVSS6.2AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-61456

Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 is vulnerable to stored XSS via SVG uploads. The HandlesMediaUploads::processUploadedFile() path only validates file extension and does not call Security::sanitizeSVG(), enabling an authenticated attacker with api.media.write to upload an SVG...

5.1CVSS6.2AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-41877 Stored XSS in R-SOFT DMS

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-41876 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS0.01228EPSS
Exploits0References1
Veracode
Veracode
added 4 days ago7 views

Improper Access Control

Coder is vulnerable to Improper Access Control. The vulnerability is due to the tailnet coordinator validating an agent's Addresses but not its AllowedIPs, which allows an authenticated attacker to advertise unauthorized IP prefixes that are propagated to WireGuard peers, potentially enabling...

8.2CVSS6.1AI score0.00405EPSS
Exploits0References9Affected Software2
CVE
CVE
added 4 days ago9 views

CVE-2026-12123

CVE-2026-12123 describes a Server-Side Request Forgery in the WordPress plugin All-in-One Video Gallery (versions

6.4CVSS6AI score0.00246EPSS
Exploits0References12
Rows per page
Query Builder