Lucene search
K

3518 matches found

CVE
CVE
added 3 days ago23 views

CVE-2026-55883

Tilt HUD WebSocket (/ws/view) in Tilt is affected from 0.24.0 through 0.37.3. CSRF-protected, but the token is served from an unauthenticated /api/websocket_token endpoint and the upgrader accepts connections without an Origin header, enabling network-reachable attackers to read session state, Ti...

8.3CVSS6.2AI score0.00222EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2026-47422

CVE-2026-47422 affects the Frappe framework. An endpoint in reportview allowed unrestricted access to save_report due to missing permission checks prior to versions 15.107.5 and 16.18.2. The issue is fixed in those versions (15.107.5 and 16.18.2). The provided references include a GitHub advisory...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 3 days ago5 views

CVE-2026-55462

Snipe-IT (IT asset/license management) is affected in versions prior to 8.6.2. The vulnerability in UsersController::show() and printInventory() allows an authenticated user with only the users.view permission to access inventory and cost/order metadata from modules that would normally be restric...

4.3CVSS6.1AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-14461 Out-of-bound read in mtr

mtr is vulnerable to Out-of-bound read vulnerability in ipinfolookup function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME...

5.1CVSS0.00303EPSS
Exploits0References2
CVE
CVE
added 4 days ago8 views

CVE-2026-59855

The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...

8.6CVSS6AI score0.00305EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59734

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS6.2AI score0.00417EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-59224

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS6AI score0.00286EPSS
Exploits0References5Affected Software1
CVE
CVE
added 4 days ago11 views

CVE-2026-59222

Open WebUI is a self-hosted AI platform. CVE-2026-59222 affects versions from 0.7.0 up to, but not including, 0.10.0. The vulnerability arises when GET /api/v1/channels/{id}/members returns full UserModelResponse objects for channel members, including settings.ui.toolServers[].key and webhook con...

6.5CVSS5.9AI score0.00265EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-59715

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.16 before 0.10.0, the Socket.IO server is configured with alwaysconnect=True. The ydoc:awareness:update and ydoc:document:leave Socket.IO handlers accepted collaborative-document events without requirin...

3.1CVSS5.9AI score0.00222EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-55877

Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References5Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-49866

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossipsub defaultDecodeRpcLimits set maxIhaveMessageIDs and maxIwantMessageIDs to Infinity, allowing oversized IHAVE and IWANT control message arrays in message/decodeRpc.ts and gossipsub.ts to synchronousl...

7.5CVSS0.00446EPSS
Exploits0References4
CVE
CVE
added 5 days ago11 views

CVE-2026-44512

Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...

5.5CVSS6AI score0.0017EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-59869

js-yaml (JavaScript YAML parser) is affected by a resource-consumption issue in merge-key chains that can cause quadratic CPU time as documents grow linearly. Affected versions are 3.0.0–3.14.x and 4.0.0–4.2.x; the issue is fixed in 3.15.0 and 4.3.0. Impact is described as high availability (A:H)...

7.5CVSS6AI score0.0035EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS0.0035EPSS
Exploits1References5
NVD
NVD
added 5 days ago12 views

CVE-2026-41042

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-50007 Actual: Shared users can perform owner-only file management actions

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago3 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0
Rows per page
Query Builder