Lucene search
K

2463 matches found

Nuclei
Nuclei
added yesterday73 views

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the devicegraphpage.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. id: CVE-2021-21801 info: name: Advantech R-SeeNet - Cross-Site Scripting author: gy74...

9.6CVSS6.9AI score0.63415EPSS
Exploits1References4
OSV
OSV
added 2 days ago4 views

CVE-2026-59245 Apache Airflow FAB provider: FAB auth manager: a DAG named "DAGs" hijacks the global all-DAGs permission (access_control privilege escalation via resource_name() collision)

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score0.0036EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-61498 Vitec Flamingo 4.12.2 Unauthenticated OS Command Injection via gen_graphs.php

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS0.02165EPSS
Exploits0References3
CVE
CVE
added 6 days ago27 views

CVE-2026-55615

Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...

9.2CVSS6AI score0.00461EPSS
Exploits0References2
NVD
NVD
added 6 days ago7 views

CVE-2026-31981

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42531

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-31981

A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....

5.9CVSS6AI score0.00142EPSS
Exploits0References1Affected Software2
CVE
CVE
added last week9 views

CVE-2026-35211

OpenCTI exposes a script filter operator in the GraphQL FilterOperator enum prior to version 7.260401.0. An authenticated user with the KNOWLEDGE capability can pass user-supplied Elasticsearch Painless script values directly into search queries without validation, enabling potentially expensive ...

6.5CVSS6AI score0.0037EPSS
Exploits0References4Affected Software1
CVE
CVE
added last week84 views

CVE-2026-6352

GitLab EE contains an authorization flaw in GraphQL operations that could allow an authenticated user with auditor-level access to modify compliance violation records. Affected versions include all 18.2-era releases before 18.11.7, all 19.0-era releases before 19.0.4, and all 19.1-era releases be...

2.7CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week15 views

CVE-2026-44840

CVE-2026-44840 (Dgraph) : The vulnerability is in the GraphQL path for checkUserPassword, where user-supplied password values are interpolated into a DQL query via fmt.Sprintf without escaping or parameterization. This allows a specially crafted password (e.g., containing a ".") to break the DQL ...

7.5CVSS6.1AI score0.00484EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56614

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An improper authorization issue exists in certain GraphQL operations that could allow an authenticated user with...

2.7CVSS6.1AI score0.00264EPSS
Exploits0References7
NVD
NVD
added 2026/07/07 9:17 p.m.20 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:34 p.m.6 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/07 8:34 p.m.34 views

CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 3:26 p.m.8 views

GO-2026-5837 Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph

Dgraph Vulnerable to DQL Injection via checkUserPassword GraphQL Query in github.com/dgraph-io/dgraph...

7.5CVSS5.9AI score0.00484EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 9:17 a.m.15 views

CVE-2026-48891

A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...

4.3CVSS6AI score0.00636EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/07 9:17 a.m.6 views

EUVD-2026-42025

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 9:17 a.m.3 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References6
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
Rows per page
Query Builder