Lucene search
K

1409 matches found

Nuclei
Nuclei
added yesterday67 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7AI score0.43284EPSS
Exploits1References2
NVD
NVD
added 5 days ago5 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-0275

Prisma Browser on macOS is affected by a Local Privilege Escalation vulnerability. An administratively authenticated user with access to the macOS local filesystem can perform actions with root privileges, impacting the device’s security. The CVSS metrics indicate LOCAL attack vector, HIGH privil...

6.7CVSS6AI score0.0011EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-0275 Prisma Browser: Local Privilege Escalation on macOS

A local privilege escalation vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated administrator with access to the macOS local filesystem to perform actions on the device with root privileges. This issue only affects Prisma® Browser on macOS...

5.4CVSS0.0011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56917

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A local privilege escalation issue in Prisma Browser on macOS allows a locally authenticated administrator who has access to the local filesystem to execute actions on the device with...

5.4CVSS6.2AI score0.0011EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:25 p.m.8 views

CVE-2026-5268

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

9.1CVSS6AI score0.0042EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 3:25 p.m.37 views

CVE-2026-5268 SFTP Server Authentication Weakness

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 3:25 p.m.16 views

CVE-2026-5268

Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.

9.1CVSS6AI score0.0042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/06 3:25 p.m.8 views

CVE-2026-5268 SFTP Server Authentication Weakness

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

6AI score0.0042EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55943

Name of the Vulnerable Software and Affected Versions Ciena products affected versions not specified Description An authentication bypass exists in the default SFTP server component. This allows a remote, unauthenticated attacker to circumvent security controls and gain unauthorized access to the...

9.1CVSS6.1AI score0.0042EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-58168

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS0.00412EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:52 p.m.7 views

EUVD-2026-40375

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS5.8AI score0.00412EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:52 p.m.33 views

CVE-2026-58168 DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS0.00412EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 8:57 p.m.49 views

CVE-2026-45807 Kestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file read

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several Kestra API endpoints accept a kestra:// URI from the client and pass it through StorageInterface.parentTraversalGuard before reading the underlying file from the local storage backend. The guard onl...

7.7CVSS0.00386EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.15 views

PT-2026-51297

Name of the Vulnerable Software and Affected Versions GitHub Copilot version 1.372.0 Description An issue exists where the software allows filesystem access outside of a workspace folder without user approval. This occurs via a file-handler URI parameter used in the fetch webpage function. This...

7.5CVSS5.8AI score0.00853EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/22 12:0 a.m.9 views

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3
CVE
CVE
added 2026/06/22 12:0 a.m.31 views

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-51102

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.2 Description An issue exists in components based on BaseFileComponent, including Docling DoclingInlineComponent, Docling Serve DoclingRemoteComponent, Read File FileComponent, NVIDIA Retriever Extraction...

9.6CVSS6.7AI score0.00411EPSS
Exploits1References13
NVD
NVD
added 2026/06/17 5:16 p.m.13 views

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

7.8CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 3:29 p.m.24 views

CVE-2026-32652

Dell AIOps Collector pre-1.18.3 is vulnerable to a Use of Default Credentials flaw. A low-privilege attacker with console access could gain filesystem access on fresh installations not upgraded to 1.18.3+. Upgraded installations (1.18.3+) are not affected. Remediate by upgrading to 1.18.3 or later.

7.8CVSS5.5AI score0.00098EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder