Lucene search
K

8805 matches found

Nuclei
Nuclei
added yesterday157 views

NestJS DevTools Integration - Remote Code Execution

Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...

9.4CVSS7.5AI score0.43921EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday253 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
RedHat Linux
RedHat Linux
added 4 days ago4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python3.11: python3.11-3.11.15-5.2.hum1 aarch64, x8664 python3.11-debug-3.11.15-5.2.hum1 aarch64, x8664 python3.11-devel-3.11.15-5.2.hum1 aarch64, x8664 python3.11-idle-3.11.15-5.2.hum1 aarch64,...

8.7CVSS6.1AI score0.00613EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago3 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...

7.5CVSS6.9AI score0.00759EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42939

ESF-IDF is the Espressif Internet of Things IOT Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an inde...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15326 halo-dev halo Theme Installation ThemeUtils.java ThemeUtils.unzipThemeTo path traversal

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS0.00364EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42782

A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUtils.unzipThemeTo of the file ThemeUtils.java of the component Theme Installation. Such manipulation of the argument metadata.name leads to path traversal. The attack may be launched remotely. The exploi...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-15326

The CVE-2026-15326 entry concerns halo-dev halo up to version 2.24.2. It affects ThemeUtils.unzipThemeTo in ThemeUtils.java (Theme Installation). The vulnerability arises from manipulation of the argument metadata.name, enabling path traversal. This can be triggered remotely, and a public exploit...

5.1CVSS5.6AI score0.00364EPSS
Exploits0References6
Rockylinux
Rockylinux
added 5 days ago5 views

edk2 security, bug fix, and enhancement update

An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

7.5CVSS6.9AI score0.01744EPSS
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby4.0: ruby4.0-4.0.5-35.hum1 aarch64, x8664 ruby4.0-bundled-gems-4.0.5-35.hum1 aarch64, x8664 ruby4.0-default-gems-4.0.5-35.hum1 noarch ruby4.0-devel-4.0.5-35.hum1 aarch64, x8664...

9.8CVSS6.1AI score0.00813EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56961

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
NVD
NVD
added 6 days ago6 views

CVE-2026-55430

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS0.00208EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2026-55432

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS0.00315EPSS
Exploits0References6
NVD
NVD
added 6 days ago6 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42147

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the CreateSubAgent RPC did not validate a requested app sharing level against the template's MaxPortSharingLevel before persisting workspace apps, letting a...

5.4CVSS6AI score0.00315EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-55428

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS0.00405EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42136

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from httpapi.RequestHost which prefers the X-Forwarded-Host header over the real Host header. No middleware...

6.8CVSS6AI score0.00208EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-55077

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the PUT /api/v2/users/user/password endpoint authorized only ActionUpdatePersonal and did not prevent a user-admin from resetting an owner account's passwor...

7.2CVSS6AI score0.00615EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder