Lucene search
K

31 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 5:25 p.m.4 views

Arbitrary Code Injection

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Arbitrary Code Injection via the browserconfig.extraargs parameter in API requests. An attacker can execute arbitrary commands as the container's runtime user by...

10CVSS6.3AI score0.00523EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 7:57 a.m.17 views

CVE-2026-40841

The CVE-2026-40841 entry involves an unauthenticated SQL injection in the getProjectTags function, disclosed across multiple sources. Affected state: it is triggered by improper neutralization of SQL elements in a SELECT, enabling a low-privileged, remote attacker to access data and potentially c...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:6 p.m.10 views

CVE-2026-44426

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 6:27 p.m.4 views

CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...

9.1CVSS5.5AI score0.00424EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/24 6:25 p.m.5 views

CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...

9.1CVSS5.5AI score0.00338EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 6:25 p.m.24 views

CVE-2026-41328

Dgraph pre-auth vulnerability CVE-2026-41328 allows unauthenticated full read of data via DQL injection in NQuad Lang field. Root cause: addQueryIfUnique builds DQL using fmt.Sprintf with pred.Lang appended to predicateName, and Lang is parsed from mutation keys without validation, enabling injec...

9.1CVSS5.5AI score0.00338EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.5 views

PT-2026-35031

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.3 Description An issue exists in Dgraph that allows an unauthenticated attacker to gain full read access to all data in the database. This occurs in the default configuration where Access Control Lists ACL are...

9.1CVSS5.3AI score0.00424EPSS
Exploits1References8
NVD
NVD
added 2026/04/03 11:17 p.m.4 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS0.00533EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:9 a.m.3 views

CVE-2026-4370

A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not validate client...

10CVSS5.9AI score0.00381EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/13 7:54 p.m.7 views

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .appe...

9.9CVSS0.00603EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 9:27 p.m.31 views

CVE-2026-32306

CVE-2026-32306 affects OneUptime prior to 10.0.23. The telemetry aggregation API interpolates user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName into ClickHouse queries via .append() with no allowlist, parameterized binding, or input validation. An authentica...

9.9CVSS6.6AI score0.00603EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/01/14 2:38 p.m.18 views

CVE-2026-22238

The CVE-2026-22238 issue affects BLUVOYIX and stems from improper authentication in the BLUVOYIX admin APIs. An unauthenticated remote attacker can send crafted HTTP requests to create a new admin user, potentially granting full access to customer data and compromising the platform by logging in ...

10CVSS7AI score0.00644EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: binfmtflat: Fixed an integer overflow bug on 32-bit systems. Most of these sizes and counts are capped at 256MB, so the calculations do not result in integer overflows. The “relocs” count also needs to be checked. Otherwise, o...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/28 2:23 a.m.6 views

SUSE CVE-2024-58010

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

5.5CVSS7.9AI score0.00216EPSS
Exploits0References3
OSV
OSV
added 2025/02/27 3:15 a.m.1 views

DEBIAN-CVE-2024-58010

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

5.5CVSS5.9AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/02/27 3:15 a.m.2 views

UBUNTU-CVE-2024-58010

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit syste...

5.5CVSS6.4AI score0.00216EPSS
Exploits0References50
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.3 views

Oracle Siebel CRM 安全漏洞

Oracle Siebel CRM is a set of customer relationship management solutions from Oracle Oracle. The solution includes modules for sales management, marketing management, customer service system, and call center. A security vulnerability exists in Oracle Siebel CRM version 23.3 and earlier versions,...

6.5CVSS7.2AI score0.00615EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.5 views

Oracle Business Intelligence Enterprise Edition 安全漏洞

Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle. Visualize and analyze enterprise data to aid decision-making, reduce total cost of ownership, and increase ROI across the organization. A security vulnerability exists in Oracle Business...

5.7CVSS7AI score0.00575EPSS
Exploits0References2
Rows per page
Query Builder