22662 matches found

CVE
added 2026/06/17 7:42 p.m., 36 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions

CVSS 9.1, AI score 5.3, EPSS 0.00297
Exploits: 0, References: 3
EUVD
added 2026/06/17 6:35 p.m., 9 views

EUVD-2026-37593

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

CVSS 6.5, AI score 5.2, EPSS 0.00412
Exploits: 0, References: 2
EUVD
added 2026/06/17 6:35 p.m., 7 views

EUVD-2026-37676

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits: 0, References: 2
Snyk
added 2026/06/17 6:20 p.m., 8 views

Improper Certificate Validation

Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...

CVSS 7.4, AI score 6.4, EPSS 0.00375
Exploits: 0, References: 2
EUVD
added 2026/06/17 5:7 p.m., 6 views

EUVD-2026-37767

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. The vulnerability exists...

CVSS 4.3, AI score 5.3, EPSS 0.00217
Exploits: 0, References: 1
Vulnrichment
added 2026/06/17 4:46 p.m., 6 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

CVSS 7.4, AI score 6.4, EPSS 0.00375
Exploits: 0, References: 2
CVE
added 2026/06/17 4:46 p.m., 55 views

CVE-2026-9697

undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...

CVSS 7.4, AI score 5.4, EPSS 0.00375
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2026/06/17 4:46 p.m., 36 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

CVSS 7.4, EPSS 0.00375
Exploits: 0, References: 2
CVE
added 2026/06/17 4:36 p.m., 37 views

CVE-2026-6734

Summary of CVE-2026-6734: A vulnerability in undici’s Socks5ProxyAgent causes cross-origin request routing by reusing a single connection pool across multiple origins without verifying the pool origin. As a result, requests for origin B can be dispatched through the pool for origin A; credential...

CVSS 8.8, AI score 5.3, EPSS 0.00277
Exploits: 0, References: 8, Affected Software: 1
Patchstack
added 2026/06/17 2:23 p.m., 8 views

WordPress Gutenverse Companion plugin <= 2.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by mxym in WordPress Plugin Gutenverse Companion versions <= 2.5.0...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, Affected Software: 1
NVD
added 2026/06/17 2:17 p.m., 7 views

CVE-2025-69170

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

CVSS 8.1, EPSS 0.00348
Exploits: 0, References: 1
Patchstack
added 2026/06/17 2:7 p.m., 6 views

WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Vincent Sevkli in WordPress Plugin Five Star Restaurant Reservations versions <= 2.7.19...

CVSS 7.5, AI score 5.8, EPSS 0.00238
Exploits: 0, Affected Software: 1
EUVD
added 2026/06/17 1:40 p.m., 20 views

EUVD-2026-37708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cargo RD Cargo Shipping Location for WooCommerce allows Blind SQL Injection. This issue affects Cargo Shipping Location for WooCommerce: from n/a through 5.6...

CVSS 9.3, AI score 5.6, EPSS 0.00236
Exploits: 0, References: 1
NVD
added 2026/06/17 1:20 p.m., 7 views

CVE-2026-49071

Unauthenticated Broken Authentication in WooCommerce Dropshipping = 5.2.4 versions...

CVSS 6.5, EPSS 0.00305
Exploits: 0, References: 1
NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

CVSS 6.5, EPSS 0.00252
Exploits: 0, References: 1
NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-25439

Unauthenticated Broken Authentication in Booknetic = 4.8.5 versions...

CVSS 8.1, EPSS 0.00322
Exploits: 0, References: 1
NVD
added 2026/06/17 1:20 p.m., 8 views

CVE-2026-22339

Unauthenticated Cross Site Scripting XSS in WPJobster = 6.3.5 versions...

CVSS 7.1, EPSS 0.0023
Exploits: 0, References: 1
NVD
added 2026/06/17 1:19 p.m., 6 views

CVE-2025-69162

Unauthenticated Local File Inclusion in Grecko = 5.17 versions...

CVSS 8.1, EPSS 0.00435
Exploits: 0, References: 1
EUVD
added 2026/06/17 1:16 p.m., 10 views

EUVD-2026-37703

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Webilia Inc. Listdom allows Blind SQL Injection. This issue affects Listdom: from n/a through 5.4.0...

CVSS 9.3, AI score 5.6, EPSS 0.00236
Exploits: 0, References: 1
EUVD
added 2026/06/17 12:47 p.m., 9 views

EUVD-2026-37690

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits: 0, References: 1