Lucene search
K

14208 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the OCFS2 file system where the listxattr function can return a size larger than the caller's buffer. This occurs when an OCFS2 inode contains both inline and...

8.8CVSS5.9AI score0.0053EPSS
Exploits1References379
NVD
NVD
added 2026/06/23 9:16 p.m.7 views

CVE-2026-46549

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited...

2CVSS0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 6:18 p.m.9 views

CVE-2026-54022

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the documentid starts with note: colon. However, the YdocManager storage layer normalizes all document IDs b...

5.3CVSS0.00268EPSS
Exploits1References1
NVD
NVD
added 2026/06/23 5:16 p.m.9 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.6 views

EUVD-2026-38508

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

5.8AI score0.00339EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:14 p.m.21 views

CVE-2026-44956

Revive Adserver (Revive Adserver) is affected by a stored XSS vector where an attacker’s Full Name, injected into system-generated emails stored in the userlog.details field, can execute JavaScript when an admin views the content via userlog-details.php. Root cause: missing output sanitisation in...

5.8AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.34 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:11 p.m.9 views

Malicious code in @muaththir/api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66954b91179d60bfbf1c18e8ed8ed9e6b12ab7b13bc6ab2a4174c3bf063c2c0a On npm install, the package's preinstall lifecycle hook runs node index.js, which collects host identifiers os.userInfo.username, process.cwd, Node...

5.7AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 4:3 p.m.8 views

Malicious code in cursorai-agent (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a04af62bb8d9774dcd39cbe7f8864477b0813e5e0b19a45ad637e94dd8ae008 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 3:32 p.m.6 views

Malicious code in mjs-eslint-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7e95cb81c6a1238d751c013def46001948b388083e0d91f7baa5077091ae006 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.7 views

Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.10 views

Malicious code in new-solt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5a46a9516de2c87a2d451b78ace7033fb9dffa9faa4216b84eb068136098cfa Package [email protected] contains index.js which imports childprocess and invokes execSync with bash and zsh shell strings around lines 315 and 331...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/23 9:6 a.m.2 views

SUSE-SU-2026:2528-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 9:5 a.m.20 views

SUSE-SU-2026:2527-1 Security update for sqlite3

This update for sqlite3 fixes the following issues Update to 3.53.2: - CVE-2026-11822: memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution bsc1268012. - CVE-2026-11824: heap-based...

8.5CVSS6.8AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 6:19 a.m.7 views

MAL-2026-6276 Malicious code in node-core-libs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d33f74e3f73fd5580ecf994b7db0349ee540754d65d4467b8b04b8c79e3d257b scripts/postinstall.js runs automatically on npm install Windows only and behaves as a classic install-time dropper. It XOR-decodes key 0x5A a...

6.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.22 views

PT-2026-51653

Name of the Vulnerable Software and Affected Versions Hoppscotch affected versions not specified Description Four independent weaknesses allow an unauthenticated request to lead to full server compromise. Recommendations At the moment, there is no information about a newer version that contains a...

10CVSS5.9AI score0.0059EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51636

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.2 Description A cross-tenant data injection issue exists in the Accessories API when Full Multiple Companies Support is enabled. A low-privileged authenticated user can create accessory records belonging to a...

8.5CVSS6.1AI score
Exploits0References7
EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38367

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...

7.7CVSS5.9AI score0.00281EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/22 1:22 p.m.8 views

EUVD-2026-38245

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS6.4AI score0.00502EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 a.m.16 views

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS0.00146EPSS
Exploits0References1
Rows per page
Query Builder