Lucene search
K

1431 matches found

NVD
NVD
added 2026/06/04 7:16 p.m.17 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 2:0 a.m.45 views

CVE-2026-10567 1Panel-dev CordysCRM ModuleFormController ModuleFormService.java save cross site scripting

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS0.00237EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.14 views

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 3:15 p.m.33 views

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

6.5CVSS0.00276EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:49 p.m.18 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in brace-expansion (CVE-2026-33750)

Summary A vulnerability in the brace-expansion string and pattern utility library CVE-2026-33750 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 5.0.5. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generate...

7.5CVSS5.8AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:46 p.m.18 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in uuid (CVE-2026-41907)

Summary A vulnerability in the uuid generation utility library CVE-2026-41907 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 9.0.1. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122...

9.3CVSS5.7AI score0.00337EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/28 4:10 p.m.9 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution RCE when a victim open a folder in untrusted mode...

8.6CVSS6.3AI score0.00297EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:18 p.m.12 views

CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

8.7CVSS6AI score0.00191EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 3:10 p.m.120 views

CVE-2026-48523

PyJWT vulnerability affecting versions 2.9.0–2.12.1 where verifier-side algorithm allow-list bypass occurs when decoding with a PyJWK/PyJWKClient key. The token header’s alg is checked against the caller-supplied allow-list, but the signature is verified using the algorithm bound to the PyJWK obj...

5.4CVSS5.8AI score0.00127EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...

7.3CVSS6.1AI score0.00151EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 6:16 p.m.24 views

CVE-2026-48146

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound...

7.7CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.23 views

CVE-2026-45718

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

5.4CVSS0.00146EPSS
Exploits0References2
Veeam
Veeam
added 2026/05/27 12:0 a.m.36 views

Vulnerability Resolved in Veeam Service Provider Console 9.2.1

All vulnerabilities documented in this article were resolved in Veeam Service Provider Console 9.2.1.33875. Veeam Software Security Commitment Veeam® is committed to ensuring its products protect customers from potential risks. As part of that commitment, we operate a Vulnerability Disclosure...

9.4CVSS6.2AI score0.00403EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/26 4:34 p.m.47 views

CVE-2026-45721 Algernon: handler.lua discovery walks parent directories above the server root

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute a...

9CVSS0.00437EPSS
Exploits0References1
Debian
Debian
added 2026/05/21 6:38 p.m.28 views

[SECURITY] [DSA 6288-1] thunderbird security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6288-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq -...

9.8CVSS6.1AI score0.00605EPSS
Exploits0
CVE
CVE
added 2026/05/20 7:27 p.m.22 views

CVE-2026-39352

Frappe is affected by an Arbitrary File Read via Path Traversal in render_include. Versions prior to 15.105.0 and 16.15.0 are vulnerable; the issue is resolved in 16.15.0, 15.105.0 and later. Affected software: Frappe framework (full-stack web app). Root cause: path traversal in render_include en...

8.7CVSS5.8AI score0.01279EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 9:21 a.m.44 views

CVE-2026-42960

Unbound CVE-2026-42960 affects versions up to 1.25.0. The vulnerability arises from poisoning attempts using promiscuous RRSets in the authority section; an attacker could spoof replies or leverage fragmentation to inject non-NS address records in the additional section and have Unbound cache the...

10CVSS5.7AI score0.00249EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/19 7:3 p.m.18 views

EUVD-2026-30972

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00301EPSS
Exploits1References1
NVD
NVD
added 2026/05/18 9:16 p.m.18 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS0.02799EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/15 7:41 p.m.48 views

CVE-2026-44559 Open WebUI: Missing Access Check on Channel Members Endpoint for Standard Channels

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the GET /api/v1/channels/id/members endpoint only checks membership for group and dm channel types lines 467-469. For standard channels — including private ones — there is no...

4.3CVSS0.00221EPSS
Exploits1References1
Rows per page
Query Builder