Lucene search
K

4813 matches found

CVE
CVE
added yesterday13 views

CVE-2026-56271

Flowise prior to 3.1.0 (versions

9.8CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-43228

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-56259

CVE-2026-56259 affects Crawl4AI prior to 0.8.8. A credential-exfiltration vulnerability exists in the Docker API server that lets an attacker redirect LLM API calls to attacker-controlled endpoints and read environment variables. By targeting unauthenticated endpoints /md, /llm, and /llm/job and ...

8.8CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43226

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score
Exploits0References2
Nuclei
Nuclei
added yesterday301 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS7.1AI score0.78428EPSS
Exploits5References6
Nuclei
Nuclei
added yesterday16 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.2AI score0.01623EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday132 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
NVD
NVD
added 4 days ago6 views

CVE-2026-59148

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS0.00173EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42683

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS6AI score0.00173EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in nonenull1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 162cd9e0496d35e0500fe084f6011a3e6893182b0fa209502c5d6017ab1138ac The package declares gypfile: true with no native C/C++ sources, and its binding.gyp abuses GYP command-expansion syntax in the sources list — !node...

6.1AI score
Exploits0References9
RedHat Linux
RedHat Linux
added 4 days ago6 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago7 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)

The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...

7.5CVSS6.2AI score0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-56906

Name of the Vulnerable Software and Affected Versions Mockoon versions prior to 9.7.0 Description The admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes and is enabled by default in shipped runtimes. The API lacks...

8.8CVSS6.2AI score0.00173EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ef2b75345902c9fe851d85e09c4b6680a3685669ab4dcd8b827ebaebb46626 Package metadata claims to be the 'Official Paysafe SDK for Python' by 'Paysafe Developer Team', but the shipped module is a stealer disguised as a...

6.1AI score
Exploits0References3
OSV
OSV
added 6 days ago6 views

MAL-2026-6929 Malicious code in paysafe-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e2b7f287703755dab866acf1047a148e321d06a84353238936eaba58b6e7fda Package impersonates the Paysafe payments SDK metadata claims 'Paysafe Developer Team', 'Paysafe Payments processing library' but its advertised...

6.1AI score
Exploits0References3
OSV
OSV
added 6 days ago6 views

MAL-2026-6928 Malicious code in paysafe-payments (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cc8e13806589e7fbb3dbe284624b88d6de8c030f32c04c20f8c76af059f33515 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago9 views

Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c619e500f8070a5525694f42547c0b73e8189965f8816f1a124190f50bed6f5 The paysafe-kyc package impersonates a legitimate Paysafe KYC/payments SDK author string 'Paysafe Developer Team', base URL https://api.paysafe.com,...

6.1AI score
Exploits0References3
OSV
OSV
added 6 days ago6 views

MAL-2026-6927 Malicious code in paysafe-kyc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7089650efc5360b819e8831801bcedf6489945f5b563729e99f036461bd59092 When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host. --- Category: MALICIOUS - The campaign has...

6.1AI score
Exploits0References2
Rows per page
Query Builder