Lucene search
K

137 matches found

RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.17 views

CVE-2026-54056

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker can exploit a vulnerability in the kitten dnd feature by sending a specially crafted drag-and-drop request. This allows the attacker to overwrite or truncate arbitrary files on the local system that are writable by...

7.6CVSS5AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/10 1:55 p.m.9 views

EUVD-2026-36028

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47066

Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...

3.8CVSS5.6AI score0.00263EPSS
Exploits0References12
Malwarebytes
Malwarebytes
added 2026/05/29 12:7 p.m.36 views

Signal users targeted in backup-stealing phishing attacks

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending to come from Signal Support. “Action Required: Data Recovery Needed Your Signal account data message and...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not report a bug if someone dirty pages without first consulting ext4. The unpinuserpagesremote function dirty pages without properly warning the file system in advance. Jan Kara noted this race condition in 20181...

5.5CVSS5.4AI score0.00253EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained a security vulnerability. This vulnerability stemmed from the lack of authorization for the DELETE /admin/api/content/tags/tagId endpoint. As a result, any...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm: memfdluo: always dirty all folios A dirty folio is one which has been written to. A clea...

5.5CVSS5.6AI score0.00107EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29567

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories/memoryid. The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by...

6AI score0.00386EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.9 views

mem0 server lacks authentication and authorization controls for its memory management API endpoints

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31244

The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint DELETE /memories/memoryid. The endpoint allows unauthenticated users to delete arbitrary memory records without verifying their identity or permissions. A remote attacker can exploit this by...

6AI score0.00386EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 12:0 a.m.10 views

CVE-2026-31243

The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE...

6AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 11:20 p.m.21 views

CVE-2026-43913

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner to purge the entire organization vault. The organization invite flow uses a two-step process: accepting an invite transitions membership from Invited to Accepted, an...

8.1CVSS0.00267EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 6:28 p.m.4 views

GHSA-9WHX-C884-C68Q Langflow Knowledge Bases API is Vulnerable to Path Traversal

Summary Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...

9.6CVSS6AI score0.04417EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-22003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are...

6CVSS7.5AI score0.00101EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-FHR3-XH3Q-69W6 uutils coreutils has an Incorrect Provision of Specified Functionality Issue

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.8AI score0.00149EPSS
Exploits1References5
OSV
OSV
added 2026/04/22 6:31 p.m.3 views

GHSA-4WRP-79M8-9M9P uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS5.8AI score0.00074EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has an Incorrect Provision of Specified Functionality Issue

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.4AI score0.00149EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.5 views

uutils coreutils has a Path Traversal issue

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS5.6AI score0.00165EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/22 4:9 p.m.16 views

CVE-2026-35379

Affected product and component: uutils coreutils’ tr utility. Root cause: logic error causes mis-definition of character classes [:graph:] and [:print:], inadvertently including ASCII space (0x20) in [:graph:] while excluding it from [:print:], reversing standard POSIX/GNU behavior. Impact: can l...

3.3CVSS5.7AI score0.00149EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.3 views

CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.7AI score0.00149EPSS
Exploits1References2
Rows per page
Query Builder