Lucene search
K

15357 matches found

CVE
CVE
added 8 hours ago25 views

CVE-2026-45805

Penpot MCP ReplServer exposes an unauthenticated /execute endpoint and binds to 0.0.0.0 (all interfaces), enabling remote JavaScript execution on the server. The issue is implemented in mcp/packages/server/src/ReplServer.ts by listening without a host (default 0.0.0.0) and posting code to PluginB...

8.8CVSS6.2AI score0.00045EPSS
Exploits0References4
NVD
NVD
added 11 hours ago3 views

CVE-2026-56352

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago89 views

VvvebJs < 1.7.5 - Arbitrary File Upload

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...

6.5CVSS6.3AI score0.09366EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.3AI score0.0306EPSS
Exploits1References1
Nuclei
Nuclei
added 18 hours ago103 views

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.7AI score0.01754EPSS
Exploits1References3
NVD
NVD
added yesterday6 views

CVE-2026-15751

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday29 views

CVE-2026-15751 mastergo-design mastergo-magic-mcp mcp__getComponentGenerator component-workflow.md execute path traversal

A security vulnerability has been detected in mastergo-design mastergo-magic-mcp up to 0.2.0. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcpgetComponentGenerator. The manipulation of the argument rootPath leads to path traversal. An...

5.3CVSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-53633

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp API that forwarded raw Chrome DevTools Protocol methods without being gated by allowWrite or allowExec, allowing a remote client with exposed browser API metadata to u...

9.8CVSS0.00089EPSS
Exploits0References10
NVD
NVD
added yesterday4 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS
Exploits0References1
CVE
CVE
added yesterday24 views

CVE-2026-54999

The CVE-2026-54999 entry concerns a race condition in Windows TCP/IP where concurrent access to a shared resource allows an unauthorized attacker on an adjacent network to execute code. Documented impact is remote code execution with high severity (CVSSv3.1: AV=A, AC=L, PR=N, UI=N, S=U, C=H, I=H,...

8.8CVSS6.3AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday4 views

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

Numeric truncation error in Windows Resilient File System ReFS allows an authorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0
NVD
NVD
added yesterday8 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-15669

Technical details (affected products, vulnerable components, exploit vectors) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00622EPSS
Exploits0References8
Cvelist
Cvelist
added yesterday26 views

CVE-2026-15669 louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS0.00622EPSS
Exploits0References8
CVE
CVE
added yesterday13 views

CVE-2026-15668

The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday30 views

CVE-2026-15668 louisho5 picobot web Tool web.go WebTool.Execute server-side request forgery

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58165

Name of the Vulnerable Software and Affected Versions Windows Resilient File System ReFS affected versions not specified Description A heap-based buffer overflow exists in the Windows Resilient File System ReFS. This issue allows an authenticated attacker with local access to execute arbitrary co...

7.8CVSS6.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-58850

Name of the Vulnerable Software and Affected Versions mastergo-design mastergo-magic-mcp versions prior to 0.2.1 Description Path traversal occurs in the execute function within the mastergo/component-workflow.md file of the mcp getComponentGenerator component. This issue arises from the improper...

5.3CVSS6.2AI score
Exploits0References8
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58187

Name of the Vulnerable Software and Affected Versions Windows Storage Spaces Direct affected versions not specified Description An integer overflow or wraparound issue exists in Windows Storage Spaces Direct. This flaw allows an unauthorized attacker with physical access to the system to execute...

6.8CVSS6.3AI score
Exploits0References3
Rows per page
Query Builder