Lucene search
K

740 matches found

Nuclei
Nuclei
added yesterday164 views

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

8.6CVSS7AI score0.64697EPSS
Exploits2References5
EUVD
EUVD
added 2026/07/07 2:52 a.m.5 views

EUVD-2026-41980

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56138

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, whic...

3.1CVSS6.1AI score0.0025EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56027

Name of the Vulnerable Software and Affected Versions Coolify versions 4.0.0-beta.471 through 4.0.0-beta.473 Description A regression in the SHELL SAFE COMMAND PATTERN allows ampersands to be used in custom Docker Compose build, start, and pre/post-deployment command fields. This enables an...

8.8CVSS6.2AI score0.00359EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

AdminPanel 安全漏洞

AdminPanel is a database management panel developed by Jason000. Version 4.0 of AdminPanel contains a security vulnerability, which stems from a cross-site request forgeing vulnerability in the delete.php endpoint...

6.3CVSS5.7AI score0.00097EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/19 10:45 p.m.6 views

CVE-2026-6582

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function getvectordbdetails of the file superagi/controllers/vectordbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

7.5CVSS5.3AI score0.00391EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/19 10:45 p.m.13 views

CVE-2026-6582

TransformerOptimus SuperAGI up to 0.0.14: the get_vector_db_details function in superagi/controllers/vector_dbs.py of the Vector Database Management Endpoint is vulnerable to a manipulation that leads to missing authentication. This is a remote-exploit, with a publicly published exploit and confi...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 5:16 p.m.7 views

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

7.5CVSS0.00375EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 12:0 a.m.25 views

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

0.00375EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 12:0 a.m.21 views

CVE-2026-30404

The CVE-2026-30404 entry concerns wgcloud v3.6.3, where the backend database management connection test feature is vulnerable to server-side request forgery (SSRF). The vulnerability could allow the server to initiate requests to internal networks, remotely download malicious files, and perform o...

7.5CVSS5.8AI score0.00253EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.3 views

CVE-2026-30403

There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server...

5.9AI score0.00375EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 12:0 a.m.12 views

CVE-2026-30403

CVE-2026-30403 affects wgcloud before 3.6.3, where the vulnerable area is the test connection function in the backend database management module. The issue allows an attacker to perform an arbitrary file read on the victim’s server, exposing sensitive files. The description and connected sources ...

7.5CVSS5.9AI score0.00375EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.12 views

wgcloud 安全漏洞

WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. WGCloud versions 3.6.3 and earlier have security vulnerabilities. These vulnerabilities stem from the test connection feature in backend database management, which...

7.5CVSS6AI score0.00375EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/09 7:54 p.m.4 views

CVE-2026-3761

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/09 7:53 p.m.6 views

CVE-2026-3762

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmindeletemanager.php of the component Endpoint. The manipulation of the argument managerid leads to improper authorization. It is possible to initiate th...

9.8CVSS5.5AI score0.00496EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/09 7:53 p.m.7 views

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

7.5CVSS5.6AI score0.00364EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/09 1:59 p.m.4 views

CVE-2026-3734

A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetchmanagerdetails.php of the component Endpoint. This manipulation of the argument managerid causes improper authorization. The attack can be initiated remotely. The explo...

7.5CVSS5.5AI score0.00364EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/08 9:30 p.m.6 views

EUVD-2026-10264

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

5.5CVSS5.5AI score0.00337EPSS
Exploits1References6
NVD
NVD
added 2026/03/08 8:15 p.m.7 views

CVE-2026-3764

A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadminuserupdate.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed...

7.5CVSS0.00364EPSS
Exploits1References5
CVE
CVE
added 2026/03/08 7:32 p.m.20 views

CVE-2026-3764

Affected software: SourceCodester Client Database Management System 1.0. Vulnerability: improper authorization in an unknown function of the file /superadmin_user_update.php, as described in multiple sources. Root cause / impact: remote access without required privileges could lead to unauthorize...

7.5CVSS6.9AI score0.00364EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder