Lucene search
K

12151 matches found

CVE
CVE
added 6 days ago13 views

CVE-2026-48892

CVE-2026-48892 : Apache Airflow's Config API leaks per-key secrets-backend overrides via environment variables (e.g., AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID, AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID) that are not in sensitive_config_values, allowing an authenticated UI/API user with...

6.5CVSS6AI score0.00664EPSS
Exploits0References3Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
CVE
CVE
added 6 days ago19 views

CVE-2026-58315

CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56190

A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...

6AI score
Exploits1References2
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-14476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56268

Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...

9.3CVSS6.1AI score0.00259EPSS
Exploits0References8
Cvelist
Cvelist
added last week33 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-43921

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added last week6 views

Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week34 views

CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score0.00523EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-41919

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References2
Cvelist
Cvelist
added last week49 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00668EPSS
Exploits1References2
NVD
NVD
added last week9 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS0.00257EPSS
Exploits1References1
CVE
CVE
added last week73 views

CVE-2026-40138

CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...

9.2CVSS6AI score0.00417EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added last week34 views

CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS0.00257EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added last week4 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder