Lucene search
+L

56476 matches found

Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS0.00243EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44677

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-61644

FastGPT contains a cross-tenant data disclosure in POST /api/core/chat/record/getCollectionQuote. From 4.14.17 through 4.15.0-beta5, the initialId center-node lookup is not bound to the caller’s authenticated chat/collection context, allowing a low-privileged tenant to supply attacker-owned appId...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References4
Chainguard
Chainguard
added 4 days ago5 views

CVE-2026-50170 vulnerabilities

Vulnerabilities for packages: kubeflow-katib...

8.2CVSS6.1AI score0.00267EPSS
Exploits0
NVD
NVD
added 4 days ago7 views

CVE-2026-61452

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS0.00194EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-59236

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS0.0047EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-56135

In NTFS-3G through 2026.2.25, a heap-based buffer overflow exists in the function buildinheritedid in libntfs-3g/security.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by creating a file in a crafted...

6.2AI score
Exploits0References3
OSV
OSV
added 4 days ago4 views

UBUNTU-CVE-2026-42618

In NTFS-3G through 2026.2.25, a heap buffer overflow exists in ntfsdecompress in compress.c that allows an attacker to corrupt one byte of heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered by reading the special crafted file...

6.2AI score
Exploits0References3
OSV
OSV
added 4 days ago4 views

CVE-2026-61452 Grav before 2.0.4 Improper Session Invalidation JWT Access Tokens

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS6.1AI score0.00194EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-59236 Authorization bypass in Prospero Flow CRM Excel import allows cross-tenant record injection

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS0.0047EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-44622

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score0.0047EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

MINI-7JMW-FMMJ-X688

Bulletin has no description...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Circl
Circl
added 4 days ago9 views

CVE-2026-59837

creationtimestamp| type| source ---|---|--- 2026-07-15 10:13:15+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116923458848771348 2026-07-15 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqow55nlat2n...

6.6CVSS6.1AI score0.00578EPSS
Exploits0References2
Circl
Circl
added 4 days ago11 views

CVE-2026-59839

creationtimestamp| type| source ---|---|--- 2026-07-15 07:22:41+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116922788149851186 2026-07-15 14:20:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mqow55nlat2n...

5.5CVSS6.1AI score0.00208EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2025-210471

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS6AI score0.00331EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59886

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References3
Circl
Circl
added 5 days ago8 views

CVE-2026-5269

creationtimestamp| type| source ---|---|--- 2026-07-14 23:52:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqnfnw7qtt2i 2026-07-15 15:46:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqp2wcttif2y...

9.8CVSS6.1AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2025-56364

A use of uninitialized value vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, where the GetDestinationGroupId.Value method is called without first checking whether a value exists. This leads to a crash when an InvokeCommand is sent without initializing the destination group ID...

7.5CVSS0.00331EPSS
Exploits0References3
Circl
Circl
added 5 days ago4 views

CVE-2026-57973

creationtimestamp| type| source ---|---|--- 2026-07-14 22:04:52+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:04:18+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-16 12:52:15+00:00| seen|...

6.3CVSS6.1AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

JLSEC-2026-714

Two potential heap out-of-bounds write locations existed in DecodeObjectId in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values out0 and out1, enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

9.8CVSS6.1AI score0.00283EPSS
Exploits0References1
Rows per page
Query Builder