Lucene search
K

60 matches found

NVD
NVD
added 4 hours ago4 views

CVE-2026-61643

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, an authenticated FastGPT user can save a workflow node that points to another user's private HTTP toolset by using a crafted saved tool id such as http-/. The normal toolset routes deny access, but the workflow...

5.9CVSS
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-44677

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday17 views

CVE-2026-12583

Summary: The Newsletters WordPress plugin before 4.15 is vulnerable to unauthenticated PHP object injection via a subscriber custom field. Deserialization of untrusted input stored through a public form enables an attacker to write arbitrary files and execute code on the server via a gadget chain...

8.1CVSS6.4AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56667

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42977

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/07 8:3 a.m.6 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images

Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

8.7CVSS6AI score0.00656EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/07 7:55 a.m.12 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images

Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

9.1CVSS7.2AI score0.00586EPSS
Exploits2References3
Snyk
Snyk
added 2026/06/18 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:1 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the processing of user-supplied URLs in outgoing HTTP components, including notification channels, OIDC backchannel logout, and SAML metadata fetches. An attacker can access internal network resources...

4.2CVSS6AI score0.00252EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:59 p.m.30 views

CVE-2026-48157

Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...

6.1CVSS5.5AI score0.00167EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/11 7:31 a.m.15 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.65 bug fix and security update

Red Hat OpenShift Container Platform release 4.15.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

9.1CVSS6.5AI score0.01557EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/06/11 6:6 a.m.19 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.65 security and extras update

Red Hat OpenShift Container Platform release 4.15.65 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-9243

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

6.4CVSS5.7AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 8:16 p.m.6 views

DEBIAN-CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

5.5CVSS5.8AI score0.00092EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 11:28 a.m.17 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images

Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References2
OSV
OSV
added 2026/05/24 11:16 p.m.10 views

DEBIAN-CVE-2026-48832

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability...

3.5CVSS5.8AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 8:7 a.m.16 views

CLEANSTART-2026-KD85000 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 4.15.0-r0

Multiple security vulnerabilities affect the metacontroller package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References17
Rows per page
Query Builder