Lucene search
K

408 matches found

Nuclei
Nuclei
added yesterday33 views

Plone Docker - Host Header Injection

Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...

6.1CVSS6.8AI score0.00911EPSS
Exploits1References3
OSV
OSV
added 5 days ago4 views

PYSEC-2026-2003 vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

6.5CVSS7.2AI score0.00466EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default

Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...

9.8CVSS0.00783EPSS
Exploits4References4
CVE
CVE
added 2026/07/03 8:19 p.m.161 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
Cvelist
Cvelist
added 2026/06/26 7:26 p.m.23 views

CVE-2026-46386 OpenProject: Pre-authentication RCE in openproject/openproject Docker image via default `SECRET_KEY_BASE=OVERWRITE_ME` and `cookies_serializer = :marshal`

OpenProject is open-source, web-based project management software. Prior to , the official openproject/openproject Docker image ships ENV SECRETKEYBASE=OVERWRITEME as the default Rails master key. Combined with cookiesserializer = :marshal, this gives any logged-in user a deterministic...

9.9CVSS0.00272EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:26 p.m.23 views

CVE-2026-46386

OpenProject’s official docker image ships SECRET_KEY_BASE=OVERWRITE_ME and cookies_serializer = :marshal, creating a deterministic Marshal-deserialization path reachable via the /my/two_factor_devices cookie reader. This enables potential pre-authentication remote code execution, as noted in the ...

9.9CVSS5.8AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47172

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS0.00312EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 6:46 p.m.25 views

CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS0.00312EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:46 p.m.19 views

CVE-2026-47174

Technical details such as affected components, versions, exploit paths, and fixes are not provided in the supplied documents; monitor for updates.

9.5CVSS5.3AI score0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 6:28 p.m.54 views

EUVD-2026-36300

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:28 p.m.20 views

CVE-2026-47172

Quest Bot (open-source Discord bot) contains a privilege escalation in the deploy workflow prior to v1.0.3. The repository’s privileged deploy workflow runs after the unprivileged build, and when a PR from a main branch is opened, the deploy workflow can check out the PR head_sha, build it into a...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:28 p.m.9 views

CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-11859

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48713

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS5.3AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.15 views

PT-2026-48711

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...

9.5CVSS5.5AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 1:39 p.m.10 views

GHSA-5G86-85RP-F9HX Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

3.5CVSS5.6AI score0.00025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.21 views

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

8.8CVSS6AI score0.00366EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 9:19 p.m.37 views

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

8.8CVSS6AI score0.00366EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

AnythingLLM 参数注入漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 had a parameter injection vulnerability. This vulnerability stemmed from the filesystem-search-files proxy skill directly passing mode parameters controlled by the LLM as position paramete...

8.8CVSS6.1AI score0.00366EPSS
Exploits1References3
Rows per page
Query Builder