Lucene search
K

7868 matches found

EUVD
EUVD
added 2026/03/05 9:30 p.m.7 views

EUVD-2025-208329

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

6.6AI score0.00612EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 9:16 p.m.4 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 9:16 p.m.4 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:57 p.m.7 views

CVE-2026-29188

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...

9.1CVSS5.9AI score0.00487EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/05 8:55 p.m.11 views

Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade

Impact Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This...

9.3CVSS5.8AI score0.00666EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 8:40 p.m.3 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 8:25 p.m.4 views

CVE-2026-26999

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security TLS record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...

7.5CVSS5.7AI score0.00539EPSS
Exploits0References6
Huntr
Huntr
added 2026/03/05 7:17 a.m.8 views

AI Gateway secret API accepts `$ENV_VAR` references and can be remotely abused to exfiltrate server-side environment credentials to an attacker-controlled upstream endpoint. And the leaked credentials can be further leveraged to break security boundaries.

Analyzed project versions: Current target branch: master Current HEAD: dc8ef3cbbefccf7384f4e3023492aae635c5d5d0 Fix 403 Forbidden for artifact list via query param when defaultpermission=NOPERMISSIONS 21220, commit date: 2026-03-04 The vulnerability is that AI Gateway secrets allow...

9.1CVSS6.1AI score0.00435EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/05 12:0 a.m.5 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

6.5AI score0.00612EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:0 a.m.4 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

8.8CVSS6.5AI score0.00612EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

CloudFoundry UAA和CloudFoundry Deployment 安全漏洞

CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23516

Name of the Vulnerable Software and Affected Versions Cloudfoundry UAA versions 77.30.0 through 78.7.0 Cloudfoundry Deployment versions 48.7.0 through 54.10.0 Description A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/04 11:49 p.m.6 views

CVE-2026-2297

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

5.7CVSS5.7AI score0.00202EPSS
Exploits0References8
CVE
CVE
added 2026/03/04 9:58 p.m.19 views

CVE-2026-25750

Langchain Helm Charts (prior to version 0.12.71) include a URL parameter injection vulnerability in LangSmith Studio that could exfiltrate a victim’s bearer token, user ID, and workspace ID to an attacker-controlled server when an authenticated LangSmith user clicks a malicious link. Affected dep...

8.5CVSS6AI score0.00292EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/04 9:58 p.m.7 views

EUVD-2026-9499

Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studio that could allow unauthorized access to user accounts through stolen authentication tokens. The...

8.5CVSS6AI score0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/04 6:56 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging...

8.1CVSS5.8AI score0.00165EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 7:37 a.m.6 views

CVE-2025-12345

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agentdeployinit of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack...

9CVSS6.2AI score0.00663EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-23031

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/03 11:23 p.m.8 views

CVE-2026-0540

A cross site scripting flaw has been discovered in the DOMPurify npm library. This flaw allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attackers can include payloads like in attribute...

6.1CVSS5.3AI score0.0034EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/03 10:14 p.m.6 views

EUVD-2026-9330

The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Prior to 1.6.6, there is a reflected XSS vulnerability in task jobs. This vulnerability is fixed in 1.6.6...

4.5CVSS5.9AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder