Lucene search
K

6765 matches found

EUVD
EUVD
added 2026/06/25 6:32 p.m.11 views

EUVD-2026-37289

LangGraph SDK has unsafe URL path construction...

4.2CVSS5.8AI score0.00216EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/25 6:32 p.m.8 views

LangGraph SDK has unsafe URL path construction

Summary langgraph-sdk constructs HTTP request paths for resource operations by interpolating caller-supplied identifier values into URL templates. Without sanitization of those values, identifiers that contain characters with special meaning in URL paths could cause the resulting request to addre...

9.1CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 3:55 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Sterling Connect:Direct for Microsoft Windows

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013,...

8.7CVSS6.1AI score0.00702EPSS
Exploits1Affected Software1
NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-47149

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:38 p.m.7 views

CVE-2026-47149

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 1:38 p.m.4 views

EUVD-2026-39404

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52596

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Charging station authentication identifiers are publicly accessible through web-based mapping platforms. Recommendations At the moment, there is no information...

6.9CVSS5.8AI score0.00248EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Oracle Linux 9 : fence-agents (ELSA-2026-26206)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26206 advisory. - bundled PyJWT: upgrade to v2.13.0 to fix CVE-2026-48526 Resolves: RHEL-182313 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157202 - bundled...

8.2CVSS7.3AI score0.0058EPSS
Exploits2References2
NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-57306

A cross-site request forgery CSRF vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.4 views

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b450b1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.8 views

EUVD-2026-38776

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.6 views

EUVD-2026-38774

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.9AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57292

A cross-site request forgery CSRF vulnerability in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 1:20 p.m.14 views

CVE-2026-57292

The CVE-2026-57292 entry concerns the Jenkins Gitee Plugin (affected versions include 1288.v18b_deb_c9069b_ and earlier). The vulnerability is a cross-site request forgery (CSRF) that allows an attacker to cause the plugin to connect to an attacker-specified URL using attacker-specified credentia...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56351

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38753

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

8.2CVSS6.1AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.24 views

CVE-2026-56351

CVE-2026-56351 affects n8n prior to 2.4.0. A SQL injection exists in the MySQL, PostgreSQL, and Microsoft SQL nodes, where unescaped identifier values in node configuration parameters can be exploited by an authenticated user with workflow-creation permissions to inject arbitrary SQL and compromi...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 11:53 a.m.9 views

CVE-2026-56337

Capgo before 12.128.2 has an information disclosure in the public.exist_app_v2 RPC function that lets unauthenticated attackers enumerate app_ids via POST /rest/v1/rpc/exist_app_v2 with arbitrary appid parameters. This SECURITY DEFINER function can reveal whether specific app_ids exist in the pub...

6.9CVSS6AI score0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 11:53 a.m.11 views

EUVD-2026-38749

Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...

6.9CVSS5.9AI score0.00208EPSS
Exploits0References2
Rows per page
Query Builder