Lucene search
K

33935 matches found

Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.91 views

📄 Grafana 11.2.0 Server-Side Request Forgery

This Python script targets a server-side request forgery vulnerability in Grafana version 11.2.0. It abuses a path traversal flaw in the /render endpoint to make the server send requests to internal or otherwise restricted resources...

7.6CVSS7.3AI score0.97809EPSS
Exploits6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

MLflow 代码问题漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of MLflow prior to 3.9.0 contained code vulnerabilities. These vulnerabilities stemmed fr...

7.1CVSS7.2AI score0.00288EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 8:29 p.m.10 views

Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/10 8:29 p.m.7 views

MAL-2026-3413 Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/10 7:11 a.m.122 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Overview This repository combines two critical vulnerabilities i...

10CVSS5.9AI score0.90183EPSS
Exploits29
Fedora
Fedora
added 2026/05/10 2:55 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.9 views

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.6 views

openSUSE 16 Security Update : google-cloud-sap-agent (openSUSE-SU-2026:20669-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20669-1 advisory. This update for google-cloud-sap-agent fixes the following issue: - CVE-2026-34986: github.com/go-jose/go-jose/v4: processing of JWE object with empty...

7.5CVSS5.9AI score0.00651EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/09 8:29 a.m.39 views

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

5.3CVSS0.00088EPSS
Exploits1References2
CVE
CVE
added 2026/05/09 8:29 a.m.23 views

CVE-2026-32683

CVE-2026-32683 affects EZVIZ products that use older cloud feature modules with legacy API interfaces. The root issue is data transmission risk due to these outdated modules, potentially allowing an attacker to eavesdrop on network requests and obtain data. The available sources describe the impa...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/09 8:29 a.m.7 views

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 8:29 a.m.8 views

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.9 views

CVE-2026-35428

Improper neutralization of special elements used in a command 'command injection' in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network...

9.6CVSS5.8AI score0.00933EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.9 views

EZVIZ APP 安全漏洞

EZVIZ APP is a mobile application developed by EZVIZ, a Chinese company, for remote monitoring and management of smart security devices. The EZVIZ APP has a security vulnerability, which stems from the use of outdated cloud function modules and legacy API interfaces. This vulnerability may allow...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.9 views

PT-2026-39324

Name of the Vulnerable Software and Affected Versions EZVIZ products affected versions not specified Description Certain products use outdated cloud feature modules with legacy API interfaces, creating a data transmission risk. This allows attackers to obtain data by eavesdropping on network...

5.3CVSS5.8AI score0.00088EPSS
Exploits1References8
NVD
NVD
added 2026/05/08 11:16 p.m.13 views

CVE-2026-42345

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 10:11 p.m.9 views

EUVD-2026-28855

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 10:11 p.m.7 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 10:11 p.m.18 views

CVE-2026-42345

FastGPT (version 4.14.11 and earlier) exposes an SSRF risk in isInternalAddress() (packages/service/common/system/utils.ts) where a fullUrl.startsWith() hardcoded blocklist can be bypassed by at least 7 URL-encoding techniques that resolve to the cloud metadata endpoint. The broader private IP ch...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 10:11 p.m.34 views

CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS0.00213EPSS
Exploits0References1
Rows per page
Query Builder