Lucene search
K

12285 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/07 9:16 a.m.7 views

CVE-2026-48892

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 5:33 a.m.32 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:33 a.m.5 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 5:33 a.m.7 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 5:33 a.m.22 views

CVE-2026-58315

CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56268

Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...

9.3CVSS6.1AI score0.00259EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.19 views

PT-2026-56190

A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...

6AI score
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-14476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.25 views

PT-2026-56178

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Config API exposes per-key secrets-backend overrides, such as environment variables AIRFLOW SECRETS BACKEND KWARG SECRET ID and AIRFLOW WORKERS SECRETS BACKEND KWARG SECRET ID, as syntheti...

6.5CVSS6.1AI score0.00664EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/07/06 9:38 p.m.33 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:38 p.m.6 views

CVE-2026-43921

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 9:38 p.m.4 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/06 8:53 p.m.7 views

Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 8:16 p.m.4 views

CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score0.00523EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 8:16 p.m.36 views

CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:16 p.m.6 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score0.00523EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:17 p.m.51 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00668EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/06 7:17 p.m.5 views

EUVD-2026-41919

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

6AI score0.00668EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 4:16 p.m.11 views

CVE-2026-59195

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS0.00257EPSS
Exploits1References1
Rows per page
Query Builder