Lucene search
K

56112 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-43634

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43623

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS6.8AI score
Exploits0References6
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References8
Chainguard
Chainguard
added yesterday2 views

GHSA-V66C-278H-3VJ4 vulnerabilities

Vulnerabilities for packages: chromium...

6.1AI score
Exploits0
Circl
Circl
added yesterday4 views

CVE-2026-57363

creationtimestamp| type| source ---|---|--- 2026-07-13 18:51:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkeecjaem2a 2026-07-14 01:19:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mql224uclj2w...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-61462

mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...

9.2CVSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-61462

CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...

9.2CVSS6.2AI score
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-9824

creationtimestamp| type| source ---|---|--- 2026-07-13 13:19:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjrszmrjk2s 2026-07-13 14:03:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjuaxgcny27 2026-07-13 18:19:38+00:00| seen|...

4.3CVSS6.1AI score
Exploits0References4
Circl
Circl
added yesterday7 views

CVE-2026-61955

creationtimestamp| type| source ---|---|--- 2026-07-13 11:59:52+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjndygvcm2y 2026-07-13 18:04:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkbqk2co427 2026-07-14 02:02:07+00:00| seen|...

7.6CVSS6.1AI score0.00383EPSS
Exploits0References3
Circl
Circl
added yesterday3 views

CVE-2026-57786

creationtimestamp| type| source ---|---|--- 2026-07-13 11:08:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjkivcoiu2w...

8.8CVSS6.1AI score0.00231EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-57379

creationtimestamp| type| source ---|---|--- 2026-07-13 11:04:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjkbrsxph2i...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-57369

creationtimestamp| type| source ---|---|--- 2026-07-13 11:03:10+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjk6m4vk222 2026-07-13 18:55:41+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkelkgb7c27 2026-07-14 01:21:35+00:00| seen|...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-6541

CVE-2026-6541 affects Mattermost versions 11.7.x <= 11.7.1, 11.6.x <= 11.6.4, and 10.11.x

4.3CVSS6.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15557 waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication

A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This...

7.5CVSS0.00507EPSS
Exploits0References6
Circl
Circl
added yesterday6 views

CVE-2026-15531

creationtimestamp| type| source ---|---|--- 2026-07-13 06:30:26+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj2wvxzcs2e 2026-07-13 21:25:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkmwms2f32w...

5.3CVSS6.2AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday18 views

CVE-2026-12582 Library Management System < 3.5.8 - Unauthenticated SQL Injection via book_id

The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes...

0.00177EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-11963

Affected product: WordPress plugin “User Registration & Membership” (before 5.2.2). Vulnerability: Missing authorization check on a membership-upgrade action; the target user is derived from a caller-supplied identifier rather than the current user, enabling any authenticated user (e.g., a subscr...

8.1CVSS6.1AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-12271 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Quiz Attempt Modification via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

0.00132EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday13 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.1AI score0.02917EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Rows per page
Query Builder