Lucene search
K

70440 matches found

ATTACKERKB
ATTACKERKB
β€’added 2026/06/23 12:13 p.m.β€’5 views

CVE-2026-56274

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References3
CVE
CVE
β€’added 2026/06/23 12:13 p.m.β€’20 views

CVE-2026-56274

Flowise

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
β€’added 2026/06/23 12:0 a.m.β€’12 views

PT-2026-51507

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References12
OSV
OSV
β€’added 2026/06/22 11:19 p.m.β€’6 views

GHSA-CQ9C-6W48-QMFG @actual-app/sync-server: Disabled OpenID users keep access through existing session tokens

Summary In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details The...

8.3CVSS5.9AI score0.00441EPSS
Exploits0References2
Github Security Blog
Github Security Blog
β€’added 2026/06/22 11:19 p.m.β€’10 views

@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens

Summary In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details The...

8.3CVSS5.9AI score0.00441EPSS
Exploits0References2Affected Software1
OSV
OSV
β€’added 2026/06/22 10:38 p.m.β€’8 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References6
RedHat Linux
RedHat Linux
β€’added 2026/06/22 9:53 p.m.β€’6 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6.1AI score0.00552EPSS
Exploits0References7
CVE
CVE
β€’added 2026/06/21 1:27 p.m.β€’21 views

CVE-2026-56396

CVE-2026-56396 (phpMyFAQ) affects phpMyFAQ versions before 4.1.4. The issue is missing authorization in editUser() and updateUserRights(), allowing authenticated administrators with edit_user to set the is_superadmin flag or grant arbitrary rights, escalating to SuperAdmin. This leads to high-imp...

8.8CVSS6AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/06/21 6:18 a.m.β€’39 views

CVE-2026-52911 ksmbd: scope conn->binding slowpath to bound sessions only

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

8.8CVSS0.00362EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
β€’added 2026/06/20 12:0 a.m.β€’7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns...

7.8CVSS6AI score0.0012EPSS
Exploits0References3
NVD
NVD
β€’added 2026/06/19 4:16 p.m.β€’13 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
β€’added 2026/06/19 3:34 p.m.β€’6 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
β€’added 2026/06/19 3:34 p.m.β€’30 views

CVE-2017-20257 Joomla! Component Quiz Deluxe 3.7.4 SQL Injection

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
β€’added 2026/06/19 3:34 p.m.β€’14 views

CVE-2017-20257

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands via the ajaxaction.flag_question task. Exploitation can occur by injecting malicious SQL through the stu_quiz_id or flag_quest parameters to manipula...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
β€’added 2026/06/19 3:34 p.m.β€’7 views

EUVD-2017-18984

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...

8.8CVSS6.3AI score0.00334EPSS
Exploits0References4
NVD
NVD
β€’added 2026/06/19 3:16 p.m.β€’11 views

CVE-2026-52909

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS0.0012EPSS
Exploits0References8
Cvelist
Cvelist
β€’added 2026/06/19 2:43 p.m.β€’35 views

CVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.

In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...

7.8CVSS0.0012EPSS
Exploits0References8
AstraLinux
AstraLinux
β€’added 2026/06/19 11:10 a.m.β€’1 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: USB: usbfs: Do not issue a WARN message regarding excessively large memory allocations Syzbot discovered that the kernel generates a WARN message if the user attempts to perform a bulk transfer using usbfs with a buffer that i...

5.5CVSS6.8AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
β€’added 2026/06/19 11:10 a.m.β€’3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove the WQMEMRECLAIM flag from the state workqueue. A recent change created a dedicated workqueue for the state-change work, with WQHIGHPRI and WQMEMRECLAIM flags. However, the state-change work...

5.5CVSS5.8AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
β€’added 2026/06/19 11:10 a.m.β€’2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: hrtimers: Properly handle CPU state during hotplug events. Consider a scenario where a CPU transitions from CPUHPONLINE to CPUHPHRTIMERSPREPARE after being hot-unplugged, and then back to CPUHPONLINE. Since the...

7.8CVSS6.4AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder