Lucene search
K

30 matches found

Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-56260 Crawl4AI - Arbitrary File Write via output_path Parameter

Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The outputpath parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply absolute or path-traversal values to write to any location...

9.1CVSS0.00421EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 8:57 p.m.49 views

CVE-2026-45807 Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file read

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...

7.7CVSS0.00386EPSS
Exploits1References1
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-53947

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

5.3CVSS0.00206EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 10:16 p.m.34 views

CVE-2026-44447

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44446

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 15.104.3 and...

8.8CVSS0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:19 p.m.18 views

EUVD-2026-30198

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious actor to extract sensitive information. This vulnerability is fixed in 16.9.0...

8.8CVSS5.9AI score0.00307EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 8:40 p.m.39 views

CVE-2026-41473 CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

8.8CVSS0.00773EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

Red Hat build of Keycloak 访问控制错误漏洞

Red Hat Build of Keycloak is a single-sign-on web application developed by the American company Red Hat. There is an access control vulnerability in Red Hat Build of Keycloak. This vulnerability stems from improper access control at the endpoints of User-Managed Access resources, which may allow...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Mobiliti 代码问题漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a code vulnerability that arises from using charging station identifiers to associate sessions, but allowing multiple endpoints to use the same session identifier for connection. This...

8.6CVSS5.8AI score0.00295EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/24 12:24 a.m.5 views

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References4
CVE
CVE
added 2026/02/20 12:56 a.m.16 views

CVE-2026-26977

Frappe Learning Management System (LMS)

6.9CVSS5.5AI score0.00289EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

SICK TDC-X401GL has security vulnerabilities

The SICK TDC-X401GL is a edge computing gateway developed by the German company SICK. The SICK AG TDC-X401GL has a security vulnerability, which stems from improper handling of inputs at system endpoints, potentially leading to denial-of-service attacks...

7.5CVSS5.8AI score0.00509EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.10 views

CVE-2025-11894 Shelf Planner <= 2.8.1 - Missing Authorization to Unauthenticated Settings Update

The Shelf Planner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to modify several of the plugin's settings li...

5.3CVSS0.00269EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.9 views

OpnForm 安全漏洞

OpnForm is a form builder by Julien Nahum Personal Developer. A security vulnerability exists in OpnForm 1.9.3 and earlier versions, which stems from a lack of authorization checking in the API endpoints and could lead to unauthorized access...

6.5CVSS6.4AI score0.00295EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-11902

Malware in sbrugna...

8.8CVSS8.8AI score0.02673EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-54881

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.19045EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25449

Malicious code in bioql PyPI...

8.2CVSS6.4AI score0.00143EPSS
Exploits1References3
OSV
OSV
added 2025/08/21 2:27 p.m.4 views

GHSA-287X-6R2H-F9MW UnoPim vulnerable to CSRF on Product edit feature and creation of other types

Summary Some of the endpoints of the application is vulnerable to Cross site Request forgery CSRF. | Method | Endpoint | Status | Reason | |:------:|:------:|:------:|:------:| | POST | /admin/catalog/products/create | Not Vulnerable :whitecheckmark: | X-XSRF-TOKEN header used | | GET |...

8.2CVSS6.6AI score0.00143EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.8 views

Meon KYC 安全漏洞

Meon KYC is a solution from Meon India. A security vulnerability exists in Meon KYC that stems from insufficient server-side validation of CAPTCHA by certain API endpoints, which could lead to bypassing the CAPTCHA validation mechanism...

8.2CVSS6.6AI score0.00342EPSS
Exploits0References1
Rows per page
Query Builder