1259092 matches found
CVE-2026-55445
creationtimestamp| type| source ---|---|--- 2026-07-15 23:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqptj5juer2c 2026-07-16 00:38:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpyoz5fpx22 2026-07-16 01:30:26+00:00| seen|...
CVE-2026-52891
creationtimestamp| type| source ---|---|--- 2026-07-15 22:06:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpq5spsbr25 2026-07-16 00:30:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpyal2izp2s...
CVE-2026-40954
creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:34+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptyijcs2m...
CVE-2026-62314
Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...
CVE-2026-53445
CVE-2026-53445 (Wekan) : Affected component is Wekan’s copyBoard DDP publication (server/publications/boards.js). Before version 9.32, the copy operation copied a board by caller-supplied boardId without validating this.userId, membership, or admin access, enabling any authenticated user to copy ...
CVE-2026-46339
Summary: CVE-2026-46339 affects 9Router, where middleware did not protect /api/cli-tools/* and /api/mcp/* until a fix in 0.4.37. Connected sources describe unauthenticated registration of custom MCP plugins via /api/cli-tools/cowork-settings and command execution through the MCP bridge, enabling ...
CVE-2026-54448 vulnerabilities
Vulnerabilities for packages: trivy-operator...
CVE-2026-54266 vulnerabilities
Vulnerabilities for packages: kubeflow-katib...
CVE-2026-50170 vulnerabilities
Vulnerabilities for packages: kubeflow-katib...
CVE-2026-22610 vulnerabilities
Vulnerabilities for packages: kubeflow-katib...
CVE-2026-44891 vulnerabilities
Vulnerabilities for packages: tez, celeborn...
CVE-2026-55410
NocoBase (with the @nocobase/plugin-backups) prior to version 2.1.19 is vulnerable. The backups restoration flow interpolates database.schema from _metadata.json into Node.js child_process.exec() shell commands, enabling a backup-management user to execute arbitrary commands with the NocoBase ser...
CVE-2026-40954
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
CVE-2026-40952
CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...
CVE-2026-52870
The MCP Python SDK (package mcp on PyPI) has a vulnerability in versions 1.23.0–1.27.1 where default handlers installed by server.experimental.enable_tasks() for tasks/list, tasks/get, tasks/result, and tasks/cancel only operate on task identifiers and do not record the session that created each ...
EUVD-2026-44788
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...
Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting
Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...
CVE-2026-62349
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString checks space for only one byte before processing SQL string escape sequences %, , or \x, allowing a one-byte out-of-bounds write to the...
CVE-2026-15895
CVE-2026-15895 : OS command injection vulnerability in the npm package loading component of AWS jsii-diff prior to v1.131.0. An attacker could exploit crafted package specifiers passed to the npm: source argument to execute arbitrary commands. Affected software is AWS jsii-diff (npm packaging) wi...
CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection
Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...