Lucene search
K

697 matches found

Cvelist
Cvelist
added yesterday14 views

CVE-2026-15416 Argo-cd: argo cd unauthenticated remote code execution in repo-server via generatemanifest grpc endpoint

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS0.00281EPSS
Exploits0References6
CVE
CVE
added yesterday19 views

CVE-2026-15416

Affected software/component: Argo CD repo-server (GitOps engine used by Red Hat OpenShift GitOps). The CVE-2026-15416 entry describes an unauthenticated attacker with network access who can achieve remote code execution on the Argo CD repo-server. Under certain conditions, this may allow the atta...

8.9CVSS6.2AI score0.00281EPSS
Exploits0References6
NVD
NVD
added 4 days ago9 views

CVE-2026-13116

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00223EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57388

Name of the Vulnerable Software and Affected Versions PDF Invoices & Packing Slips for WooCommerce versions prior to 5.14.1 Description An Insecure Direct Object Reference IDOR exists in the generate document shortcode function due to missing validation on a user-controlled key. Authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References11
NVD
NVD
added 6 days ago7 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS0.00191EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-47831

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-54234

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS0.00343EPSS
Exploits1References3
CVE
CVE
added 2026/07/06 7:49 p.m.11 views

CVE-2026-54234

CVE-2026-54234 affects vLLM prior to version 0.24.0. A frontend multi-request speculative decoding path could cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which becomes negative one when the next live token is selected. This out-of-vo...

7.5CVSS6AI score0.00343EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:49 p.m.6 views

CVE-2026-54234

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-9756

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00215EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40414

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS5.8AI score0.00437EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 6:16 p.m.33 views

CVE-2026-58000 luci-proto-openvpn - Command Injection via cl_meta Parameter in generateKey

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS0.01401EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-426 Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...

9.8CVSS8.1AI score0.02744EPSS
Exploits1References7
NVD
NVD
added 2026/06/29 4:16 a.m.9 views

CVE-2026-13528

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

7.5CVSS0.00447EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 2:45 a.m.3 views

CVE-2026-13528 YunaiV/zhijiantianya ruoyi-vue-pro AppFileController File Upload Endpoint FileServiceImpl.java generateUploadPath path traversal

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

6.9CVSS6.4AI score0.00447EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/29 2:45 a.m.9 views

EUVD-2026-40025

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

7.5CVSS6.5AI score0.00447EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-9616 Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action

The Generate Security.txt plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.12. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.0024EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51697

Name of the Vulnerable Software and Affected Versions Generate Security.txt plugin for WordPress versions prior to 1.0.13 Description The plugin fails to properly verify user authorization for specific actions. This allows authenticated attackers with subscriber-level access or higher to delete t...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References13
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.6 views

WordPress Generate Security.txt plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Security.txt Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Generate Security.txt versions = 1.0.12...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder