Lucene search
K

120 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-57574

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password TOTP authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If...

7.4CVSS0.0034EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56568

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.20.0 Description An open redirect and server-side request forgery SSRF issue exists where attackers can redirect users to arbitrary URLs or perform client-side SSRF. This occurs when unvalidated HTTP/HTTPS URLs are...

7.4CVSS6.2AI score0.00247EPSS
Exploits0References8
CVE
CVE
added last week9 views

CVE-2026-58468

NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.12 views

CVE-2026-46457

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

7.5CVSS0.00423EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 4:0 p.m.9 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/23 6:19 p.m.9 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the shared workflows. An attacker can gain unauthorized access to credentials belonging to other users by exploiting insufficient ownership checks via specific public API...

9.9CVSS5.9AI score0.00315EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 3:36 p.m.8 views

EUVD-2026-38467

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 1:18 p.m.6 views

CVE-2026-10601 Path traversal in the Tempo and Loki data source plugins

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

LiteLLM SQL注入漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the use of OpenAI format calls for all LLM APIs. In versions 1.81.16 to 1.83.7 of LiteLLM, there was a SQL injection vulnerability. This vulnerability stemmed from the use of database queries during the check of the proxy...

9.8CVSS6.1AI score0.86607EPSS
Exploits7References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:29 p.m.2 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/30 9:29 p.m.35 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
CVE
CVE
added 2026/04/07 5:9 p.m.9 views

CVE-2026-22682

OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 9:30 a.m.6 views

BIT-SEALED-SECRETS-2026-22728 Bitnami Sealed Secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

4.9CVSS5.7AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 5:52 a.m.7 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

8.3CVSS5.5AI score0.00179EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.8 views

CVE-2023-49653

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to...

6.5CVSS6.6AI score0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.11 views

CVE-2021-27457

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected products utilize a weak encryption algorithm for storage of sensitive data, which may allow an attacker to more easily obtain credentials used for access...

7.5CVSS6.8AI score0.00452EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/12/19 12:0 a.m.4 views

Synology DiskStation Manager (DSM) Multiple Vulnerabilities (Synology_SA_24_21) - Active Check

Synology DiskStation Manager DSM is prone to multiple vulnerabilities in the Synology Drive Server. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.5CVSS5.4AI score0.24866EPSS
Exploits0References4
OSV
OSV
added 2025/12/10 5:15 p.m.6 views

CVE-2025-67642

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Rows per page
Query Builder