Lucene search
K

3260 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45499

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read file/write file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely...

6.5CVSS5.5AI score0.00288EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45248

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched...

6.3CVSS5.2AI score0.00406EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/31 1:30 p.m.10 views

CVE-2026-10184

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/31 5:15 a.m.15 views

EUVD-2026-33490

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 4:51 p.m.12 views

EUVD-2026-33366

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 1:5 p.m.13 views

EUVD-2026-33306

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS6AI score0.00469EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44973

Name of the Vulnerable Software and Affected Versions StrongDM Desktop Application versions prior to 23.74.0 StrongDM Desktop Client versions prior to 53.77.0 Description On Microsoft Windows, the software stores authentication state in cleartext within a per-user state file located at...

2CVSS5.8AI score0.00132EPSS
Exploits0References15
Snyk
Snyk
added 2026/05/28 6:25 p.m.12 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level to /var/log/calico/cni/cni.log during each CNI ADD and DEL invocation. An attacker can obtain sensitive...

7.7CVSS5.8AI score0.00323EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/28 6:25 p.m.11 views

Insertion of Sensitive Information into Log File

Overview github.com/projectcalico/calico/cni-plugin/pkg/install is a cloud-native networking and network security package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of the entire unmarshaled configuration map at INFO level ...

7.7CVSS5.8AI score0.00323EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/28 5:41 p.m.19 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

10CVSS7.6AI score0.0168EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:47 p.m.7 views

CVE-2026-41185

When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, the Azure IPAM helper logs the entire unmarshaled configuration map stdinData at INFO level to...

6CVSS5.8AI score0.00323EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/28 8:16 a.m.17 views

CVE-2026-6455

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...

8.1CVSS0.00248EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

rustfs 安全漏洞

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-beta.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the management router did not perform authentication on performance analysis endpoints, which could...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 12:0 a.m.12 views

ALSA-2026:21757 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

10CVSS7.7AI score0.0168EPSS
Exploits0References6
OSV
OSV
added 2026/05/28 12:0 a.m.9 views

MAL-2026-4921 Malicious code in @cloudplatform-single-spa/evolution (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/27 7:32 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 7:32 p.m.8 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

8.7CVSS5.9AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 7:32 p.m.7 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the output option in server mode. An attacker can create or append to arbitrary files on the host filesystem by sending crafted requests to the REST API, as the file path is taken directly from...

8.8CVSS5.9AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.14 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

8.8CVSS0.00299EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/27 12:17 p.m.8 views

CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

5.5CVSS5.9AI score0.00155EPSS
Exploits0
Rows per page
Query Builder