Lucene search
K

118 matches found

Nuclei
Nuclei
added 12 hours ago19 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34047

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS0.00373EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/07 3:6 a.m.6 views

EUVD-2026-41987

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 2:58 a.m.12 views

CVE-2026-34058

CVE-2026-34058 : Coolify prior to 4.0.0-beta.471 is vulnerable to OS Command Injection in the Livewire component Server\Resources. The public methods startUnmanaged, stopUnmanaged, and restartUnmanaged accept a container ID directly from the browser without sanitization, and this value is interpo...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 9:4 p.m.3 views

CVE-2026-32718 Coolify read-scoped API tokens can perform state-changing validation operations

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, allowing read-scoped API tokens to perform state-changing operations such as validating cloud tokens and...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.9 views

PT-2026-55770

Name of the Vulnerable Software and Affected Versions nextlevelbuilder GoClaw versions prior to 3.13.0-beta.3 Description An issue exists in the WebSocket RPC Handler component within the MethodRouter.Handle function of the internal/gateway/router.go file. This flaw allows for remote manipulation...

6.5CVSS6.6AI score0.00228EPSS
Exploits0References10
NVD
NVD
added 2026/06/30 3:16 p.m.15 views

CVE-2026-27883

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

5CVSS0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/06/28 9:45 p.m.23 views

CVE-2026-13508

Affects khoj-ai khoj versions up to 2.0.0-beta.28; vulnerable component is the Conversation Sharing Handler in src/khoj/routers/api_chat.py, where manipulation of conversation.agent leads to incorrect authorization. The issue enables remote exploitation (exploit published) with attack vector over...

6.5CVSS5.6AI score0.00165EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/01 7:15 p.m.34 views

CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.0023EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.15 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s\/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:33 p.m.42 views

CVE-2026-44287 FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:32 p.m.11 views

CVE-2026-44285 FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Fedora 45 : libcaca (2026-1151ae6bdf)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1151ae6bdf advisory. Automatic update for libcaca-0.99-0.83.beta20.fc45. Changelog Tue May 26 2026 Xavier Bachelot - 0.99-0.83.beta20 - Fix CVE-2026-42046 RHBZ2475408 Tenable has...

7.8CVSS5.8AI score0.00223EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@antv/g6 (>=5.0.0-alpha.1 <=5.0.0-beta.28) potentially affected by unknown CVE via @antv/layout-wasm (=1.3.1)

@antv/layout-wasm NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/layout-wasm and may be impacted: - @antv/g6 =5.0.0-alpha.1, =5.0.0-beta.28 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLAYOUTWASM-16755070...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Grav 安全漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Version Grav 2.0.0-beta.2 contains a security vulnerability. This vulnerability arises from the...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
NVD
NVD
added 2026/05/11 5:16 p.m.32 views

CVE-2026-42843

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...

8.8CVSS0.0035EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 3:22 p.m.54 views

CVE-2026-42612 Grav: Publisher-Level Stored XSS via Unquoted Event Attributes

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting XSS vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...

8.5CVSS0.00238EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/05 1:35 p.m.13 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the Microsoft Teams SSO invoke handler. An attacker can gain unauthorized access to Teams SSO signin functionality by sending specially crafted SSO invoke reques...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 8:57 p.m.9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the write process. An attacker can cause unauthorized file writes outside the intended sandbox mount root by...

9.6CVSS5.8AI score0.02442EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/13 11:25 p.m.6 views

SUSE CVE-2026-40188

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...

7.7CVSS5.8AI score0.00318EPSS
Exploits1References3
Rows per page
Query Builder