Lucene search
K

660 matches found

Github Security Blog
Github Security Blog
added 2026/04/22 8:37 p.m.12 views

Gitea has insecure default SSH settings

Summary The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details Running ssh-audit against a default...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/22 8:37 p.m.8 views

GHSA-3M6Q-H5GJ-7MRW Gitea has insecure default SSH settings

Summary The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details Running ssh-audit against a default...

6.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/22 7:57 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

8.5CVSS5.9AI score0.00331EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013510)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013510 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Reinit port-pm on port specific driver unbind When we unbind a serial port hardware...

5.5CVSS5.7AI score0.00146EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/21 5:38 p.m.9 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.2

Red Hat OpenShift Service Mesh 3.3.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

7.5CVSS7.3AI score0.00728EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 12:30 p.m.4 views

EUVD-2026-24084

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.8AI score0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 10:28 a.m.2 views

CVE-2026-41039 Information Disclosure Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.8AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:28 a.m.6 views

CVE-2026-41039

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.8AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 10:28 a.m.29 views

CVE-2026-41039 Information Disclosure Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 7:16 a.m.4 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS0.0023EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/21 6:43 a.m.31 views

CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS0.0023EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/21 6:43 a.m.5 views

CVE-2026-6703 Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.7AI score0.0023EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/21 6:43 a.m.4 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.7AI score0.0023EPSS
Exploits0References9Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-33919

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.7AI score0.0023EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-33929

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.8AI score0.00261EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/04/20 10:42 a.m.27 views

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's MCP architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence AI supply chain. "This flaw enables Arbitrary Command Execution R...

9.9CVSS7.4AI score0.38532EPSS
Exploits9
EUVD
EUVD
added 2026/04/20 6:31 a.m.4 views

EUVD-2026-23758

Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial factory-default configuration, the device can be configured with the null string password...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/16 10:47 p.m.6 views

Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Summary A Paperclip-managed codexlocal runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex. In my environment this enabled mailbox access and a real...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/16 10:47 p.m.3 views

GHSA-GQQJ-85QM-8QHF Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Summary A Paperclip-managed codexlocal runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex. In my environment this enabled mailbox access and a real...

8.7CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder