Lucene search
K

6909 matches found

CVE
CVE
added 8 hours ago7 views

CVE-2026-41878

Vulnerability (CVE-2026-41878) in R-SOFT DMS: Insecure Direct Object Reference (IDOR) affecting multiple file download endpoints. The app fetches files from the database by ID and serves them to any request, relying solely on session authentication, enabling a valid user to access any file. Repor...

7.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 14 hours ago7 views

XWiki DeleteApplication - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack...

6.5CVSS7AI score0.00463EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago196 views

Chuanhu Chat - Directory Traversal

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

9.8CVSS7.1AI score0.03757EPSS
Exploits1
Nuclei
Nuclei
added 14 hours ago47 views

QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

8.8CVSS5.9AI score0.01173EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago471 views

Sonatype Nexus Repository Manager 3 - Local File Inclusion

Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. id: CVE-2024-4956 info: name: Sonatype Nexus Repository Manager 3 - Local File Inclusion author: ritikchaddha severity: high description: | Path Traversal in Sonatype...

7.5CVSS7.1AI score0.18245EPSS
Exploits16References4
EUVD
EUVD
added yesterday6 views

EUVD-2026-39007

Mistune: Potential DoS via quadratic-time parsing in parselinktext...

8.7CVSS7.1AI score0.0035EPSS
Exploits0References5
NVD
NVD
added yesterday5 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS
Exploits0References5
CVE
CVE
added yesterday5 views

CVE-2026-55212

CVE-2026-55212 affects Pimcore’s Studio API: the class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create validates permissions against the objects permission instead of the classes permission, enabling a standard editor-level user to create cl...

7.1CVSS6AI score
Exploits0References5
NVD
NVD
added yesterday4 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-50644

SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...

8.6CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday8 views

CVE-2026-59269

A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the...

3.8CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2 days ago18 views

CVE-2026-54777

CoreWCF.NetNamedPipe transport is vulnerable to a local TOCTOU race where an attacker can race a NamedPipeListener between the shared-memory GUID publication and the creation of the service pipe, enabling interception of NetNamedPipe traffic by attaching to a pre-existing named pipe instance. Aff...

6.5CVSS6AI score0.00088EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-58192 Appium: Unauthenticated arbitrary file/directory deletion in @appium/storage-plugin

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 1.1.6, the Appium storage plugin exposes POST /storage/delete, whose handler passes the user-supplied name value directly into path.joinstorageRoot, name and fs.rimraf witho...

8.6CVSS0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59935 pypdf: Possible infinite loop for not terminated inline images (ASCII85 and ASCIIHex filter)

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issu...

8.7CVSS0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.00329EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00221EPSS
Exploits0References4
CVE
CVE
added 2 days ago7 views

CVE-2026-57439

CyberChef’s CVE-2026-57439 affects the Series Chart operation prior to version 11.2.0. The vulnerability arises when parsing user-supplied CSV, where proto can be used as a key, enabling prototype pollution. This can be chained with other operations (e.g., Parse UDP) to inject malicious JavaScrip...

5CVSS5.9AI score0.00094EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-58654

The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 suffers an unrestricted file upload in /api/v1/users/user/avatar: it validates only the client-declared MIME type and allows arbitrary content to be stored under user/accounts/avatars/ with predictable filenames. Although direct HTTP access is b...

5.3CVSS6.7AI score0.00261EPSS
Exploits0References2
Rows per page
Query Builder