Lucene search
K

1259092 matches found

Circl
Circl
added yesterday4 views

CVE-2026-55445

creationtimestamp| type| source ---|---|--- 2026-07-15 23:06:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqptj5juer2c 2026-07-16 00:38:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpyoz5fpx22 2026-07-16 01:30:26+00:00| seen|...

9.3CVSS6.1AI score
Exploits0References4
Circl
Circl
added yesterday3 views

CVE-2026-52891

creationtimestamp| type| source ---|---|--- 2026-07-15 22:06:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqpq5spsbr25 2026-07-16 00:30:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpyal2izp2s...

9.9CVSS6.1AI score0.00257EPSS
Exploits0References2
Circl
Circl
added yesterday3 views

CVE-2026-40954

creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:34+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptyijcs2m...

3.7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-62314

Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...

5.8CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-53445

CVE-2026-53445 (Wekan) : Affected component is Wekan’s copyBoard DDP publication (server/publications/boards.js). Before version 9.32, the copy operation copied a board by caller-supplied boardId without validating this.userId, membership, or admin access, enabling any authenticated user to copy ...

7.1CVSS6.1AI score0.00041EPSS
Exploits0References3
CVE
CVE
added yesterday34 views

CVE-2026-46339

Summary: CVE-2026-46339 affects 9Router, where middleware did not protect /api/cli-tools/* and /api/mcp/* until a fix in 0.4.37. Connected sources describe unauthenticated registration of custom MCP plugins via /api/cli-tools/cowork-settings and command execution through the MCP bridge, enabling ...

10CVSS6.2AI score0.00147EPSS
Exploits0References2
Wolfi
Wolfi
added yesterday6 views

CVE-2026-54448 vulnerabilities

Vulnerabilities for packages: trivy-operator...

6.9CVSS6.1AI score0.0025EPSS
Exploits0
Wolfi
Wolfi
added yesterday2 views

CVE-2026-54266 vulnerabilities

Vulnerabilities for packages: kubeflow-katib...

8.8CVSS6.1AI score0.0009EPSS
Exploits0
Wolfi
Wolfi
added yesterday2 views

CVE-2026-50170 vulnerabilities

Vulnerabilities for packages: kubeflow-katib...

8.2CVSS6.1AI score0.00267EPSS
Exploits0
Wolfi
Wolfi
added yesterday5 views

CVE-2026-22610 vulnerabilities

Vulnerabilities for packages: kubeflow-katib...

8.5CVSS6.3AI score0.00444EPSS
Exploits1
Wolfi
Wolfi
added yesterday3 views

CVE-2026-44891 vulnerabilities

Vulnerabilities for packages: tez, celeborn...

6.1AI score
Exploits0
CVE
CVE
added yesterday5 views

CVE-2026-55410

NocoBase (with the @nocobase/plugin-backups) prior to version 2.1.19 is vulnerable. The backups restoration flow interpolates database.schema from _metadata.json into Node.js child_process.exec() shell commands, enabling a backup-management user to execute arbitrary commands with the NocoBase ser...

6.7CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

3.7CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-52870

The MCP Python SDK (package mcp on PyPI) has a vulnerability in versions 1.23.0–1.27.1 where default handlers installed by server.experimental.enable_tasks() for tasks/list, tasks/get, tasks/result, and tasks/cancel only operate on task identifiers and do not record the session that created each ...

7.6CVSS6.1AI score0.00043EPSS
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-44788

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added yesterday29 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...

6.2CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added yesterday5 views

CVE-2026-62349

TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString checks space for only one byte before processing SQL string escape sequences %, , or \x, allowing a one-byte out-of-bounds write to the...

8.3CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-15895

CVE-2026-15895 : OS command injection vulnerability in the npm package loading component of AWS jsii-diff prior to v1.131.0. An attacker could exploit crafted package specifiers passed to the npm: source argument to execute arbitrary commands. Affected software is AWS jsii-diff (npm packaging) wi...

8.4CVSS6.3AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
Rows per page
Query Builder