Lucene search
K

201499 matches found

GithubExploit
GithubExploit
added 2 hours ago10 views

Inspectra

Inspectra 🛡️ Web Security Configuration Auditor Inspe...

6.7AI score
Exploits0
NVD
NVD
added 2 hours ago3 views

CVE-2026-34171

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS
Exploits0References3
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-34171

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score
Exploits0References4Affected Software1
CVE
CVE
added 3 hours ago9 views

CVE-2026-34171

CVE-2026-34171 affects Coolify prior to 4.0.0-beta.471. The issue is a CSRF-like, state-changing vulnerability on a GET endpoint: GET /invitations/{uuid} can reset the user password to an attacker-known value if a victim visits a crafted invitation URL. This is due to a password-reset being trigg...

8CVSS6AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-41988

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS6AI score
Exploits0References3
Slackware Linux
Slackware Linux
added yesterday4 views

[slackware-security] openssh

New openssh packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssh-10.4p1-i586-1slack15.0.txz: Upgraded. This release contains a number of security fixes: sftp1: when downloading files on the...

6AI score
Exploits0
Slackware Linux
Slackware Linux
added yesterday3 views

[slackware-security] c-ares

New c-ares packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/c-ares-1.34.7-i586-1slack15.0.txz: Upgraded. This release fixes the following security issues: Use-after-free / double-free in c-ares'...

5.9AI score
Exploits0
OSV
OSV
added yesterday2 views

GHSA-QRWJ-VH9X-GW5V Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write

Summary agentConn.apiClient used the default redirect behavior of http.Client while its custom transport dialed the host from the request URL as long as the port was the workspace agent HTTP API port 4. Agent tailnet IPs are deterministic from agent UUIDs, so a malicious workspace agent could...

8.3CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday4 views

Coder's workspace agent API insecure redirect handling allowed cross-agent file read and write

Summary agentConn.apiClient used the default redirect behavior of http.Client while its custom transport dialed the host from the request URL as long as the port was the workspace agent HTTP API port 4. Agent tailnet IPs are deterministic from agent UUIDs, so a malicious workspace agent could...

6.2AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday2 views

GHSA-QVFM-67H2-2QFX 9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

Summary The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI...

9.9CVSS6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday3 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

Summary The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday2 views

GHSA-F74W-488G-8X5R Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Requirements: Control panel access Permissions to edit an entry Details Control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a...

8.7CVSS6AI score0.00293EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday3 views

Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Requirements: Control panel access Permissions to edit an entry Details Control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header. The issue happens when a user is saving entries. Strings for a signed redirect URL are being compiled as a...

8.7CVSS6AI score0.00293EPSS
Exploits0References4Affected Software1
OSV
OSV
added yesterday2 views

GHSA-2PQ5-3Q89-J7CC Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday3 views

Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.8CVSS5.9AI score0.00409EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday2 views

GHSA-VJC7-JRH9-9J86 9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...

10CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday4 views

9router has unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats

--- title: Unauthenticated CRUD on /api/providers and Full API Key Leak via /api/usage/stats product: 9Router version: = 0.4.41 severity: critical cverequest: true --- Summary Multiple critical API security vulnerabilities were discovered in 9Router's Next.js dashboard. The /api/providers endpoin...

6.1AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday2 views

GHSA-798H-HPPH-M24J Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command

Summary When a check plugin places user provided input inside a command which is passed to shellexec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to get...

7.8CVSS6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday3 views

Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command

Summary When a check plugin places user provided input inside a command which is passed to shellexec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to get...

6.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder