Lucene search
+L

969 matches found

Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.4 views

CVE-2026-36765

An XML external entity XXE vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...

6.2AI score0.00334EPSS
Exploits0References2
MongoDB
MongoDB
added 2026/04/29 4:47 p.m.10 views

MD5 checksum creation may cause availability loss

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior...

7.5CVSS5.2AI score0.00255EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/27 7:16 p.m.11 views

CVE-2026-32655

Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS0.00104EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.14 views

WordPress plugin HM Books Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00323EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 6:31 p.m.4 views

EUVD-2018-21789

ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands v...

9.8CVSS6.7AI score0.00422EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/21 9:31 p.m.8 views

EUVD-2026-24295

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.4 views

CVE-2026-34293

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.9 views

CVE-2026-34267

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...

4.9CVSS5.7AI score0.00323EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-34128

Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.45 MySQL Server versions 8.4.0 through 8.4.8 MySQL Server versions 9.0.0 through 9.6.0 Description An issue in the InnoDB component of MySQL Server allows a high privileged attacker with network access v...

6.5CVSS7.2AI score0.00323EPSS
Exploits0References126
RedHat Linux
RedHat Linux
added 2026/04/20 3:56 p.m.14 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.26-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.26-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.26-1.hum1 aarch64, x8664...

9.9CVSS7.3AI score0.65838EPSS
Exploits5References10
OSV
OSV
added 2026/04/17 10:9 a.m.9 views

RHSA-2026:8470 Red Hat Security Advisory: .NET 8.0 security update

Bulletin has no description...

7.5CVSS5.6AI score0.02279EPSS
Exploits0References19
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.7 views

CVE-2026-39424

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

5.3CVSS5.8AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 4:16 p.m.6 views

CVE-2026-39811

A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow attacker to denial of service via...

4.9CVSS0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 2:16 a.m.22 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:56 a.m.7 views

CVE-2026-39424 MaxKB has CSV Injection in its Application Chat Export Functionality

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

5.3CVSS5.8AI score0.00368EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 12:22 a.m.12 views

EUVD-2026-22182

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
NVD
NVD
added 2026/04/14 12:16 a.m.7 views

CVE-2026-39417

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

5.5CVSS0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 12:13 a.m.14 views

CVE-2026-39420

CVE-2026-39420 (MaxKB) affects MaxKB

7.4CVSS6.3AI score0.00485EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/14 12:8 a.m.22 views

CVE-2026-39418

CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...

7.4CVSS5.7AI score0.00198EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/13 3:31 p.m.4 views

EUVD-2026-21972

An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS5.8AI score0.00337EPSS
Exploits1References3
Rows per page
Query Builder