Lucene search
K

3177 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40884

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...

9.8CVSS5.5AI score0.00478EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-39356

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

7.5CVSS5.6AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 2:17 a.m.28 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS0.00153EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 2:17 a.m.4 views

UBUNTU-CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS6AI score0.00153EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/05 12:35 a.m.7 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS6AI score0.00153EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:35 a.m.5 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.2CVSS6.2AI score0.00153EPSS
Exploits0References2Affected Software3
Snyk
Snyk
added 2026/06/03 9:0 p.m.7 views

Malicious Package

Overview chai-beta is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 8:36 p.m.34 views

CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:36 p.m.11 views

CVE-2026-45289

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Protocol 授权问题漏洞

Protocol is a multi-version Minecraft support protocol library developed by Cloudburst. Versions of Protocol prior to 3.0.0.Beta12-20260420.182526-15 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from a lack of verification for FULL type authentication...

5.3CVSS5.3AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 p.m.14 views

CVE-2026-10285

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.0023EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 7:15 p.m.29 views

CVE-2026-10285 DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS0.0023EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.11 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s\/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/01 2:12 p.m.6 views

@vitest/browser-playwright (>=5.0.0-beta.1 <=5.0.0-beta.2), @vitest/browser-preview (>=5.0.0-beta.1 <=5.0.0-beta.2) +1 more potentially affected by CVE-2026-47428 via @vitest/browser (>=5.0.0-beta.1 <=5.0.0-beta.2)

@vitest/browser NPM version =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.2 Source cves: CVE-2026-47428 Source advisory: SNYK:JS-VITESTBROWSER-17120486...

5.4AI score0.0005EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45550

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

5.5CVSS5.4AI score0.0023EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/29 7:33 p.m.19 views

EUVD-2026-33431

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:33 p.m.38 views

CVE-2026-44287 FastGPT: sandbox escape to RCE - code-sandbox regex /\bimport\s*\(/ is bypassable

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:32 p.m.9 views

CVE-2026-44285 FastGPT: SSRF Protection Bypass via `externalFile` in Dataset Preview API

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery SSRF vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by...

7.7CVSS5.9AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 1:16 p.m.17 views

CVE-2026-45043

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper validation in the PUT /rustfs/admin/v3/import-iam endpoint allows a user with ImportIAMAction to create service accounts under arbitrary parent identities, including the root user minioadmin. The endpoint...

9.3CVSS0.00226EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.61 views

📄 Grav CMS Shell Upload

The Grav CMS Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files. The system failed to adequately validate the contents of the ZIP archive or prevent path traversal Zip Slip during extraction. By crafting a malicious plugin that hooks into Grav events...

9.1CVSS6.1AI score0.03934EPSS
Exploits4
Rows per page
Query Builder