Lucene search
K

19250 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday12 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-54801

This CVE affects CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions < V26.20.0). The vulnerability stems from insufficient validation of authentication credentials when processing administrative account modifications via the web API, enablin...

8.6CVSS5.9AI score
Exploits0References1
The Hacker News
The Hacker News
added yesterday13 views

GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy. According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first...

6AI score
Exploits0
NVD
NVD
added yesterday7 views

CVE-2026-31982

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS0.00167EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42532

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS6AI score0.00167EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-31982

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS6AI score0.00167EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-31982

The connected records identify CVE-2026-31982 as an Open Redirect vulnerability in SAML Single Sign-On affecting Guardian/CMC prior to version 26.2.0. The root cause is insufficient validation of a user-controlled redirection parameter in the SAML sign-in endpoint, enabling an unauthenticated att...

7.1CVSS6AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday13 views

CVE-2026-31982 Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00088EPSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-47828

The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-47828 Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS0.00088EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday54 views

Hardcoded Admin Credentials For Cisco Smart Licensing Utility API

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit...

9.8CVSS7.4AI score0.91911EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday50 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...

9.8CVSS7.4AI score0.89738EPSS
Exploits1References2
CVE
CVE
added yesterday13 views

CVE-2026-51926

The CVE-2026-51926 entry affects docuForm FSM Client v11.11c, where the login.php authentication flow exposes user-enumeration through responses that differ for valid vs invalid usernames. The root cause is an authentication mechanism flaw enabling attackers to distinguish existing accounts, whic...

6AI score
Exploits0References2
NVD
NVD
added 2 days ago4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS0.00108EPSS
Exploits0References5
NVD
NVD
added 2 days ago4 views

CVE-2026-59807

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
Rows per page
Query Builder