Lucene search
K

391 matches found

CVE
CVE
added 2 days ago16 views

CVE-2026-61498

CVE-2026-61498 affects Vitec Flamingo 4.12.2. The vulnerability is an unauthenticated OS command injection in the admin/ajax/gen_graphs.php endpoint, where input values from GET parameters (start, end, key, format) are unsafely passed to shell commands via passthru(), enabling remote command exec...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-61498

Vitec Flamingo 4.12.2 contains an unauthenticated OS command injection vulnerability in the admin/ajax/gengraphs.php endpoint that allows remote unauthenticated attackers to execute arbitrary commands by supplying shell metacharacters in the start, end, key, or format HTTP GET parameters. Attacke...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-57817

Name of the Vulnerable Software and Affected Versions Vitec Flamingo version 4.12.2 Description An unauthenticated OS command injection exists in the 'admin/ajax/gen graphs.php' endpoint. Remote attackers can execute arbitrary commands with root privileges by providing shell metacharacters throug...

9.8CVSS6.3AI score0.02165EPSS
Exploits0References10
NVD
NVD
added 2026/06/25 11:17 p.m.9 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 10:39 p.m.6 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS6AI score0.00279EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 10:39 p.m.41 views

CVE-2026-40083 Cacti: SQL Injection in managers.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/25 10:39 p.m.5 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1
OSV
OSV
added 2026/06/24 7:40 p.m.3 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS6AI score0.00162EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.25 views

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.12 views

PT-2026-45977

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler —...

7.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.17 views

PT-2026-45365

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.2.2 Description The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to...

3.1CVSS5.5AI score0.00459EPSS
Exploits0References14
Fedora
Fedora
added 2026/05/28 12:48 a.m.18 views

[SECURITY] Fedora 43 Update: rrdtool-1.9.0-8.fc43

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/27 4:12 a.m.8 views

SUSE CVE-2023-51448

Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection SQLi vulnerability within the SNMP Notification Receivers feature in the file 'managers.php'. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTT...

8.8CVSS7.4AI score0.09022EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.13 views

HunterAgent: Neuro-Symbolic Attack Trace Reconstruction under Anti-Forensics

Modern alert-triage systems reduce SOC burden by filtering false positives, but flagging a high-risk alert is only the start of incident response. Threat hunting requires reconstructing causal attack chains across heterogeneous, partially corrupted logs. Against APTs using anti-forensics parent-P...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVREACTG-16755026...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@ant-design/graphs (>=2.0.0 <=2.0.4), @antv/g6-extension-react (>=0.0.1 <=0.1.19) potentially affected by unknown CVE via @antv/react-g (=2.1.1)

@antv/react-g NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/react-g and may be impacted: - @ant-design/graphs =2.0.0, =0.0.1, =0.1.19 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVREACTG-16754857...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.23 views

Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills

Programmatic skills in LLM ecosystems consist of a natural-language description and executable implementation files. Users and LLMs rely on the description to understand the skill's scope. However, the implementation may perform security-relevant operations, such as credential access, network...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Heym 安全漏洞

Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...

8.8CVSS5.8AI score0.00227EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/10 12:0 a.m.14 views

Oracle Poisoning: Corrupting Knowledge Graphs to Weaponise AI Agent Reasoning

We define Oracle Poisoning, an attack class in which an adversary corrupts a structured knowledge graph that AI agents query at runtime via tool-use protocols, causing incorrect conclusions through correct reasoning. Unlike prompt injection, Oracle Poisoning manipulates the data agents reason ove...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.11 views

Securing the Dark Matter: A Semantic-Enhanced Neuro-Symbolic Framework for Supply Chain Analysis of Opaque Industrial Software

Automated vulnerability detection in critical-infrastructure software confronts a fundamental barrier: industrial software is routinely deployed as stripped, symbol-free binaries that deprive conventional Software Composition Analysis of the source-level transparency it requires. Existing binary...

5.8AI score
Exploits0
Rows per page
Query Builder