Lucene search
K

122 matches found

Github Security Blog
Github Security Blog
added 2026/03/10 6:48 p.m.6 views

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL by supplying two custom HTTP headers without an Authorization header. No authentication is required. The...

8.2CVSS6.1AI score0.14958EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/04 9:58 p.m.7 views

EUVD-2026-9499

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 9:58 p.m.21 views

CVE-2026-25750

Langchain Helm Charts (prior to version 0.12.71) include a URL parameter injection vulnerability in LangSmith Studio that could exfiltrate a victim’s bearer token, user ID, and workspace ID to an attacker-controlled server when an authenticated LangSmith user clicks a malicious link. Affected dep...

8.5CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/02/26 6:13 a.m.18 views

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller formerly vSmart and Catalyst SD-WAN Manager formerly vManage has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 CVSS...

10CVSS7.2AI score0.57793EPSS
Exploits10
Github Security Blog
Github Security Blog
added 2026/01/06 5:48 p.m.26 views

n8n Vulnerable to RCE via Arbitrary File Write

Impact n8n is affected by an authenticated Remote Code Execution RCE vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service. This could result in full compromise of the affected instance. Both self-hosted and n8n Cloud...

9.9CVSS7.4AI score0.05258EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2025/12/31 11:45 a.m.177 views

Exploit for Deserialization of Untrusted Data in Facebook React

Agentic Vulnerability Monitor POC An AI-powered, automated vu...

10CVSS6.7AI score0.99562EPSS
Exploits374
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.25 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

0.00268EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2025/11/19 7:20 a.m.7 views

What is Patch Management Automation and Why It Matters

Executive Summary Environments rarely stay as orderly as they begin. New workloads, faster releases, and growing attack surfaces stretch manual patching beyond its limits. The real risk emerges in the widening gap between spotting a vulnerability and fixing it. Automated patch management closes...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/11/10 9:51 p.m.9 views

CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

5CVSS0.00325EPSS
Exploits0References6
OSV
OSV
added 2025/10/21 6:3 p.m.4 views

GHSA-27C9-VP3W-6WW8 Shopware exposes sensitive user information via CSV export mapping

Impact Malicious actors can exploit this finding to export sensitive customer information from a Shopware application, including password hashes and password reset tokens. In SaaS deployments, this primarily affects customer accounts. In on-premise deployments, however, it also includes the hashe...

4.9CVSS6.5AI score
Exploits0References3
Cvelist
Cvelist
added 2025/10/13 8:46 p.m.9 views

CVE-2025-61688 Omni leaks information via the API

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API...

8.6CVSS0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-6202

Malware in sbrugna...

9.3CVSS8.2AI score0.0736EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-29069

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.50118EPSS
Exploits14References3
OSV
OSV
added 2025/09/29 9:15 p.m.2 views

CVE-2025-34234

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...

7.5CVSS5.7AI score0.00382EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/12 12:0 a.m.3 views

PT-2025-37340

Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.5 and earlier Description The forgot-password endpoint returns sensitive information, including a valid password reset tempToken, without requiring authentication or verification. This allows a remote attacker to generate ...

10CVSS6AI score0.50118EPSS
Exploits14References48
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.4 views

Delinea Secret Server 安全漏洞

Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7.49 and earlier, which stems from insufficient validation in the initial authorization event and could lead to distributed engine impersonation...

3.8CVSS6.6AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2025/06/04 5:15 p.m.5 views

CVE-2025-20286

A vulnerability in Amazon Web Services AWS, Microsoft Azure, and Oracle Cloud Infrastructure OCI cloud deployments of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configuration...

9.8CVSS5.9AI score0.01046EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/28 12:0 a.m.7 views

The vulnerability of the eval() function in Cloud Deployment modules and the Query Tool, a database management tool for pgAdmin 4, allows a hacker to execute arbitrary code.

The vulnerability of the eval function in the Cloud Deployment and Query Tool modules of the pgAdmin 4 database management tool is related to improper code generation during processing of endpoints like /sqleditor/querytool/download and /cloud/deploy, when the querycommited and highavailability...

9.9CVSS8.4AI score0.46222EPSS
Exploits8References8Affected Software2
Redos
Redos
added 2025/04/24 12:0 a.m.16 views

ROS-20250424-12

A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...

9.9CVSS7.5AI score0.46222EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2025/04/05 12:37 p.m.29 views

CVE-2025-2945

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

9.9CVSS8.6AI score0.46222EPSS
Exploits8References4
Rows per page
Query Builder