Lucene search
K

572 matches found

cnnvd
cnnvd
added 2026/03/29 12:0 a.m.9 views

LoLLMs 授权问题漏洞

LoLLMs is a large language and multimodal system developed by Saifeddine ALOUI. Versions of LoLLMs 2.2.0 and earlier contained an authorization vulnerability. This vulnerability stemmed from the lack of mandatory authentication for the/api/files/extract-text endpoint, which could lead to...

9.8CVSS7.1AI score0.0043EPSS
Exploits1References3
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.9 views

Fleet SQL注入漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.81.0 contained a SQL...

8.8CVSS6AI score0.00318EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.14 views

elixir-nodejs 竞争条件问题漏洞

Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...

7.1CVSS5.8AI score0.00315EPSS
Exploits0References5
osv
osv
added 2026/03/24 9:16 p.m.3 views

DEBIAN-CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

7.4CVSS7.9AI score0.0036EPSS
Exploits0References1
osv
osv
added 2026/03/24 9:16 p.m.9 views

UBUNTU-CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27517

Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 149 Thunderbird versions prior to 140.9 Description A specially crafted email could contain malformed strings with negative lengths, leading to a memory read outside of the intended buffer. Successful exploitation...

10CVSS6.4AI score0.01279EPSS
Exploits1References49
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.7 views

kargo 代码问题漏洞

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.6.3, 1.7.8 and earlier, 1.8.11 and earlier, as well as 1.9.4 and earlier, have code vulnerabilities. These vulnerabilities stem from server-side request forgery during the HTTP and http-download...

5.1CVSS6.5AI score0.00328EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/13 12:0 a.m.8 views

PT-2026-25315

CVE-2026-225757: GetGenie WP plugin IDOR flaw all ≤4.3.2 lets unauth users access/modify/delete arbitrary objects via ID manipulation. Update to 4.3.3 now—check for leaked data. CyberSec WordPress IDOR https://t.co/HVW0fbWe9M...

5.9AI score
Exploits0References1
debian
debian
added 2026/03/10 9:23 p.m.10 views

[SECURITY] [DSA 6159-1] imagemagick security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6159-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 10, 2026 https://www.debian.org/security/faq -...

9.8CVSS6.6AI score0.00671EPSS
Exploits0
thn
thn
added 2026/03/10 4:21 p.m.8 views

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...

5.9AI score
Exploits0
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.5.2-alpha.3 and 8.6.16 contain security vulnerabilities. These vulnerabilities stem from the lack of enforceable class-level...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.8 views

OneUptime 安全漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained security vulnerabilities. These vulnerabilities stemmed from bypasses in authorization and tenant isolation, which could...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References2
metasploit
metasploit
added 2026/03/09 6:57 p.m.325 views

LeakIX Search

This module uses the LeakIX API to search for exposed services and data leaks. LeakIX is a search engine focused on indexing internet-exposed services and leaked credentials/databases. An API key is required free at https://leakix.net. Actions: SEARCH - Query LeakIX with a search string and scope...

5.8AI score
Exploits0
cnnvd
cnnvd
added 2026/03/09 12:0 a.m.12 views

Shannon 信任管理问题漏洞

Shannon is an open-source white-box penetration testing tool developed by KeygraphHQ. Shannon has a vulnerability related to trust management, which stems from hardcoded API keys in router configurations. This vulnerability could allow unauthenticated attackers to make proxy requests and...

7.3CVSS5.8AI score0.00243EPSS
Exploits0References4
ubuntu
ubuntu
added 2026/03/05 10:53 p.m.10 views

USN-8076-1: Qt vulnerabilities

It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. CVE-2020-13962 It was discovered that Qt incorrectly handled certain XBM image files. If a user or...

9.8CVSS6.2AI score0.03915EPSS
Exploits1
packetstormnews
packetstormnews
added 2026/03/02 12:0 a.m.3 views

ClawShield 1.0.0

ClawShield is a security proxy for AI agents. It scans all inbound and outbound messages for prompt injection, PII leaks, and secrets...

5.9AI score
Exploits0
cnnvd
cnnvd
added 2026/02/25 12:0 a.m.7 views

pgvector 安全漏洞

pgvector is an open-source Postgres vector similarity search tool developed by pgvector. Versions 0.6.0 to 0.8.1 of pgvector contain security vulnerabilities. These vulnerabilities stem from buffer overflows during the parallel HNSW index construction process, which could lead to data leaks or...

8.1CVSS5.9AI score0.00263EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/18 6:42 a.m.6 views

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

4.3CVSS5.7AI score0.00283EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.10 views

PanCafe Pro 安全漏洞

PanCafe Pro is an internet cafe billing and management software developed by the Turkish company PanCafe. Versions of PanCafe Pro prior to version 3.3.2 up to 23092025 contained security vulnerabilities. These vulnerabilities were due to the transmission of sensitive information in plain text,...

8.3CVSS5.8AI score0.00124EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.6 views

Vadi Corporate Information Systems DigiKent 安全漏洞

Vadi Corporate Information Systems DigiKent is an internet platform operated by Vadi Corporate Information Systems in Turkey. Vadi Corporate Information Systems DigiKent versions prior to 13092025 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of sensitive...

8.2CVSS5.8AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder