Lucene search
K

681 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 11:5 a.m.9 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 11:5 a.m.19 views

CVE-2026-41882

CVE-2026-41882 affects JetBrains IntelliJ IDEA prior to 2024.3.7.1 and versions 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1. The issue enables reading arbitrary local files via the built‑in web server. The root cause details are not provided in the given documents. A patch is indicated by th...

7.5CVSS5.3AI score0.00401EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.7 views

PT-2026-36089

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2024.3.7.1 JetBrains IntelliJ IDEA versions prior to 2025.1.7.1 JetBrains IntelliJ IDEA versions prior to 2025.2.6.2 JetBrains IntelliJ IDEA versions prior to 2025.3.4.1 JetBrains IntelliJ IDEA version...

7.5CVSS5.9AI score0.00401EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

JetBrains IntelliJ IDEA 后置链接漏洞

JetBrains IntelliJ IDEA is an integrated development environment for Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1 have a post-link vulnerability. This vulnerability stems from issu...

7.5CVSS5.9AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 2:16 p.m.5 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

7.5CVSS0.00411EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 1:31 p.m.34 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

0.00411EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 1:31 p.m.3 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

6.5AI score0.00411EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.5 views

PT-2026-35914

Name of the Vulnerable Software and Affected Versions Jenkins Credentials Binding Plugin versions prior to 719.v80e905ef14eb Description Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.11 views

Juniper Junos OS Vulnerability (JSA100058)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100058 advisory. - An Out-of-bounds Write vulnerability in the connectivity fault management CFM daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line...

7.1CVSS5.6AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 7:15 p.m.36 views

CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

7.1CVSS0.00234EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 7:15 p.m.13 views

CVE-2026-41270

Flowise (drag‑and‑drop UI for building LLM flows) contains an SSRF protection bypass in the Custom Function sandbox prior to version 3.1.0. The app blocks SSRF via HTTP_DENY_LIST for axios and node-fetch, but it allows use of built‑in Node.js http, https, and net modules inside the NodeVM sandbox...

8.3CVSS5.8AI score0.00234EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/04/21 12:16 a.m.11 views

CVE-2026-41295

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS0.00133EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41295 OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup

OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code...

8.5CVSS6.3AI score0.00133EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.10 views

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/17 10:31 p.m.6 views

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...

9.8CVSS5.8AI score0.00393EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/17 10:31 p.m.8 views

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: OSV:GHSA-P6X5-P4XF-CC4R...

9.8CVSS5.8AI score0.00393EPSS
Exploits0
OSV
OSV
added 2026/04/16 9:50 p.m.5 views

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

7.1CVSS6AI score0.00234EPSS
Exploits1References3
NVD
NVD
added 2026/04/13 7:16 a.m.6 views

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

9.1CVSS0.00339EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 6:31 p.m.9 views

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

7.5CVSS5.7AI score0.0086EPSS
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.3 views

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References1
Rows per page
Query Builder