Lucene search
K

51586 matches found

NVD
NVD
added 14 hours ago5 views

CVE-2026-15535

A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserializefrom of the file retrievallm/src/index.py of the component retrievallm. Executing a manipulation of the argument indexmeta.faiss can lead ...

6.5CVSS
Exploits0References7
Nuclei
Nuclei
added 15 hours ago301 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS7.1AI score0.78428EPSS
Exploits5References6
Nuclei
Nuclei
added 15 hours ago36 views

Brother MFC-L9570CDW - Information Disclosure

An unauthenticated attacker who can access either the HTTP service TCP port 80, the HTTPS service TCP port 443, or the IPP service TCP port 631, can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mntinfo.csv can be accessed via a GET request and no...

5.3CVSS7AI score0.7656EPSS
Exploits0References1
Nuclei
Nuclei
added 15 hours ago39 views

Duplicator < 1.4.7.1 - Information Disclosure

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. id: CVE-2022-2552 info: name: Duplicator 1.4.7.1 - Information Disclosure author:...

5.3CVSS6.2AI score0.08415EPSS
Exploits5References2
Nuclei
Nuclei
added 15 hours ago72 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.1AI score0.04518EPSS
Exploits1References3
NVD
NVD
added yesterday8 views

CVE-2026-15498

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This...

7.5CVSS
Exploits0References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-43215

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument exportdate results in cross site scripting. It is possible to initiate...

5.1CVSS4.8AI score
Exploits0References4
Circl
Circl
added 3 days ago8 views

GHSA-HJR6-G723-HMFM

creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:02+00:00| seen| https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html 2026-07-10 20:00:23+00:00| seen| https://bsky.app/profile/iberianm.bsky.social/post/3mqcwsfxjof2i 2026-07-11 01:00:51+00:00| seen|...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
Chainguard
Chainguard
added 4 days ago5 views

CVE-2026-13847 vulnerabilities

Vulnerabilities for packages: chromium...

6.5CVSS5.9AI score0.00318EPSS
Exploits0
Circl
Circl
added 4 days ago7 views

CVE-2026-58144

creationtimestamp| type| source ---|---|--- 2026-07-09 13:45:12+00:00| seen| https://gist.github.com/sermikr0/75686815e441c07462cfdea2fed5d305 2026-07-10 00:03:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqatvsmcv62t 2026-07-10 18:39:34+00:00| seen|...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
CVE
CVE
added 4 days ago13 views

CVE-2026-12433

The CVE describes a vulnerability in the Hydra Booking WordPress plugin (versions up to 1.2.1) where an Insecure Direct Object Reference in the /wp-json/hydra-booking/v1/booking/details/{id} endpoint allows authenticated hosts with the tfhb_manage_options capability to view booking records from o...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59708

The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...

8.7CVSS6AI score0.00343EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 6 days ago9 views

SUSE CVE-2026-58386

unknown...

5.9AI score
Exploits0References3
OSV
OSV
added 6 days ago3 views

PYSEC-2026-967 TensorFlow has Segfault in Bincount with XLA

Impact When running with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor. python import tensorflow as tf func = tf.rawops.Bincount para='arr': 6, 'size': 804, 'weights': 52, 351 @tf.functionjitcompile=True def...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 6 days ago2 views

PYSEC-2026-1017 TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`

Impact If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf filename = tf.constant"" tensornames = tf.constant"" Save data = tf.casttf.random.uniformshape=1,...

5.9CVSS6.9AI score0.00396EPSS
Exploits0References7
Rows per page
Query Builder