Lucene search
K

56080 matches found

Wolfi
Wolfi
added 2 days ago11 views

CVE-2026-49838 vulnerabilities

Vulnerabilities for packages: kube-vip...

6.1AI score
Exploits0
Circl
Circl
added 2 days ago8 views

CVE-2026-59217

creationtimestamp| type| source ---|---|--- 2026-07-11 00:34:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg4fw5q22i...

4.3CVSS6.1AI score0.00272EPSS
Exploits1References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43096

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago81 views

Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard

A vulnerability in Ivanti Endpoint Manager EPM allows an unauthenticated attacker to coerce the EPM machine account credential via the GetHashForWildcard endpoint. The vulnerability exists due to improper input validation in the wildcard parameter, allowing an attacker to specify a remote UNC pat...

9.8CVSS7.2AI score0.89738EPSS
Exploits1References2
NVD
NVD
added 3 days ago6 views

CVE-2026-44383

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
Circl
Circl
added 3 days ago7 views

CVE-2026-55687

creationtimestamp| type| source ---|---|--- 2026-07-10 23:10:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdbgh23va2y 2026-07-11 20:00:27+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqfhbirnbl2k 2026-07-11 20:00:28+00:00| seen|...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References3
Circl
Circl
added 3 days ago9 views

CVE-2026-59161

creationtimestamp| type| source ---|---|--- 2026-07-10 22:58:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdaqhoxmm2x 2026-07-10 23:42:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqddaddmyn2e...

8.7CVSS6.1AI score0.00524EPSS
Exploits0References2
Circl
Circl
added 3 days ago7 views

CVE-2026-54001

creationtimestamp| type| source ---|---|--- 2026-07-10 22:22:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6q42vrb2z 2026-07-10 23:40:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdd3r4mkg2x...

7CVSS6.1AI score0.00108EPSS
Exploits0References2
Circl
Circl
added 3 days ago8 views

CVE-2026-8595

creationtimestamp| type| source ---|---|--- 2026-07-10 22:18:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6k6jia32c 2026-07-10 22:49:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdabfyz4f2y 2026-07-11 00:16:40+00:00| seen|...

6.8CVSS6.1AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-58499

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...

8.2CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-58499

EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...

8.2CVSS6.1AI score0.00356EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-58499 Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message senderid field was not validated as a path-safe identifier, unlike appid and projectid. During user-memory extraction, senderid i...

8.2CVSS0.00356EPSS
Exploits0References3
Chainguard
Chainguard
added 3 days ago6 views

GHSA-V853-W46P-FV2H vulnerabilities

Vulnerabilities for packages: apache-tomee...

6.1AI score
Exploits0
Circl
Circl
added 3 days ago5 views

CVE-2026-55464

creationtimestamp| type| source ---|---|--- 2026-07-10 20:12:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcxhgdnd325 2026-07-11 01:12:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdibdxcnr22...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References2
Circl
Circl
added 3 days ago5 views

GHSA-489G-7RXV-6C8Q

creationtimestamp| type| source ---|---|--- 2026-07-10 18:42:23+00:00| seen| https://gist.github.com/alon710/bb39e6fca7620239b1bd8e5a02d98b4e...

6.1AI score
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-55516

CVE-2026-55516 affects Snipe-IT prior to 8.6.2. A PATCH/PUT to /api/v1/maintenances/{maintenance_id} first validates access to the maintenance and asset, then accepts attacker-controlled asset_id, allowing an authorized user to re-parent a maintenance record to an asset outside their company scop...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References3Affected Software1
CVE
CVE
added 3 days ago17 views

CVE-2026-54329

Summary: CVE-2026-54329 affects Snipe-IT before 8.6.2, where the Accessories API can mass-assign the company_id field, enabling a low-privilege user in one company (with FMCS enabled) to create accessory records under another company. Root cause: API create path mass-assigns request parameters di...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42910

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible...

9.8CVSS6.4AI score0.00424EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
CVE
CVE
added 3 days ago8 views

CVE-2026-22659

FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...

8.1CVSS6.2AI score0.00284EPSS
Exploits0References3
Rows per page
Query Builder