Lucene search
+L

689 matches found

CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Apache Apisix 安全漏洞

Apache APISIX is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 8:26 p.m.44 views

CVE-2026-27949

Affected software: Plane (open‑source project management tool). Vulnerability: Before v1.3.0, the authentication flow exposed the user’s email address as a query parameter in the URL during error handling (e.g., invalid magic code submissions), revealing PII via GET queries. Location of root caus...

4.3CVSS6AI score0.00168EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

Code-Projects Online FIR System 安全漏洞

Code-Projects Online FIR System is an open-source online FIR system developed by Code-Projects. Version 1.0 of the code-projects Online FIR System contains a security vulnerability. This vulnerability stems from the unsafe storage of the/complaints.sql file in the SQL database backup processing...

6.9CVSS6.1AI score0.00302EPSS
Exploits0References5
CVE
CVE
added 2026/04/01 1:40 a.m.46 views

CVE-2026-3774

Foxit PDF Editor/Reader (pre-2026.1) is affected by CVE-2026-3774 due to PDF JavaScript and document/print actions (WillPrint/DidPrint) updating form fields, annotations, or OCGs around redaction, encryption, or printing. The script-driven updates are not fully covered by the existing redaction/e...

7.5CVSS5.9AI score0.00109EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.8 views

PT-2026-29434

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...

4.7CVSS5.9AI score0.00109EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 3:34 p.m.4 views

GHSA-JJP7-G2JW-WH3J Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Summary Any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a regular user with read access to a shared knowledge base can obtain file UUIDs via GET /api/v1/knowledge/id/files a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/25 12:35 a.m.10 views

CVE-2026-20633

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 12:32 a.m.20 views

CVE-2026-28824

CVE-2026-28824 is an Apple macOS vulnerability described as an authorization issue addressed by improved state management. The CVE affects macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4, with the impact that an app may be able to access sensitive user data. The primary technical ...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 12:32 a.m.5 views

CVE-2026-20694

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.00197EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/25 12:32 a.m.6 views

EUVD-2026-15068

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

5.8AI score0.00197EPSS
Exploits0References7
HackRead
HackRead
added 2026/03/24 11:37 a.m.8 views

DarkSword iPhone Exploit Leaked Online, Hundreds of Millions at Risk

DarkSword exploit leak puts up to 270 million iPhones at risk, with hackers able to access data through…...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.12 views

CKAN MCP Server 代码问题漏洞

CKAN MCP Server is an open-source tool developed by onData, designed for natural language queries between AI assistants and open data platforms. Versions of CKAN MCP Server prior to 0.4.85 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of the baseurl...

5.7CVSS5.9AI score0.00289EPSS
Exploits1References2
NVD
NVD
added 2026/03/19 2:16 p.m.9 views

CVE-2025-71257

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets. Unauthenticated remote attackers can bypass access controls to invoke restricted functionality a...

9.1CVSS0.044EPSS
Exploits1References3
CVE
CVE
added 2026/03/18 1:15 a.m.30 views

CVE-2026-28500

CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:35 p.m.4 views

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.17 views

PT-2026-23630

Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 2.04 Description TinyWeb, a web server for Win32, is susceptible to a header value confusion issue due to insufficient sanitization of control characters CR, LF, and NUL, including encoded forms like %0d, %0a, and %00...

9.2CVSS5.9AI score0.00387EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.8 views

IBM MQ Appliance 加密问题漏洞

IBM MQ Appliance is an IBM software that is pre-installed on specialized, secure hardware. Versions of IBM MQ Appliance 9.4 CD 9.4.4.1 and earlier have a security vulnerability due to the use of encryption algorithms that are weaker than expected. This vulnerability may allow attackers to decrypt...

5.9CVSS5.8AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/02/26 10:36 p.m.7 views

CVE-2026-28216 hoppscotch has IDOR in updateUserEnvironment / deleteUserEnvironment

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...

8.3CVSS6AI score0.00394EPSS
Exploits1References4
CVE
CVE
added 2026/02/25 10:49 a.m.43 views

CVE-2025-62878

The CVE-2025-62878 exposure is a path traversal flaw in the Local Path Provisioner (rancher.io/local-path) via the parameters.pathPattern in StorageClass. A malicious user can craft pathPattern (using relative segments like ../) to cause PersistentVolumes to target arbitrary host paths, e.g., ove...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/24 2:56 p.m.24 views

CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

8.6CVSS0.00235EPSS
Exploits0References3
Rows per page
Query Builder