9740 matches found

SUSE CVE (added 2026/04/10 11:25 p.m., 3 views)

SUSE CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...

CVSS 9.1 | AI score 5.9 | EPSS 0.0007
Exploits: 1 | References: 3
Github Security Blog (added 2026/04/10 9:08 p.m., 11 views)

paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Summary: An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The entire chain is six API calls. I verified every ste...

CVSS 10 | AI score 6.7 | EPSS 0.00774
Exploits: 2 | References: 3 | Affected Software: 2
Github Security Blog (added 2026/04/10 9:00 p.m., 6 views)

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 5 | Affected Software: 1
OSV (added 2026/04/10 9:00 p.m., 0 views)

GHSA-M5GR-86J6-99JP gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 5
Github Security Blog (added 2026/04/10 7:32 p.m., 5 views)

PraisonAI Vulnerable to RCE via Automatic tools.py Import

PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...

CVSS 8.4 | AI score 6.4 | EPSS 0.00012
Exploits: 1 | References: 4 | Affected Software: 2
OSV (added 2026/04/10 7:32 p.m., 2 views)

GHSA-G985-WJH9-QXXC PraisonAI Vulnerable to RCE via Automatic tools.py Import

PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...

CVSS 8.4 | AI score 6.4 | EPSS 0.00012
Exploits: 1 | References: 4
OSV (added 2026/04/10 7:20 p.m., 3 views)

GHSA-Q96J-3FMM-7FV4 LXD: Importing a crafted backup leads to project restriction bypass

Summary: LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...

CVSS 9.1 | AI score 5.8 | EPSS 0.0007
Exploits: 1 | References: 4
EUVD (added 2026/04/10 7:20 p.m., 2 views)

EUVD-2026-20874

LXD: Importing a crafted backup leads to project restriction bypass...

CVSS 9.1 | AI score 5.8 | EPSS 0.0007
Exploits: 1 | References: 3
NVD (added 2026/04/10 7:16 p.m., 2 views)

CVE-2026-27460

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

CVSS 6.5 | EPSS 0.00054
Exploits: 1 | References: 1
Cvelist (added 2026/04/10 7:09 p.m., 16 views)

CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

CVSS 6.5 | EPSS 0.00054
Exploits: 1 | References: 1
EUVD (added 2026/04/10 7:09 p.m., 1 view)

EUVD-2026-21549

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...

CVSS 6.5 | AI score 5.8 | EPSS 0.00054
Exploits: 1 | References: 1
CVE (added 2026/04/10 7:09 p.m., 3 views)

CVE-2026-27460

The vulnerability (CVE-2026-27460) affects Tandoor Recipes prior to version 2.6.5, in the recipe import functionality. An authenticated user can trigger a Denial of Service by uploading a large ZIP file (ZIP bomb), causing server crash or significant performance degradation. Impact is availabilit...

CVSS 6.5 | AI score 5.8 | EPSS 0.00054
Exploits: 1 | References: 1 | Affected Software: 1
OSV (added 2026/04/10 6:22 p.m., 3 views)

MAL-2026-2539 Malicious code in customer-local-ops (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ef5d282201c89a99b3d50d086b0c6916792744bff406f01b7920533e43562212 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 6
Exploits: 0 | References: 1
NVD (added 2026/04/10 6:16 p.m., 2 views)

CVE-2026-32892

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

CVSS 9.1 | EPSS 0.00095
Exploits: 0 | References: 3
EUVD (added 2026/04/10 5:56 p.m., 1 view)

EUVD-2026-21524

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

CVSS 9.1 | AI score 6.1 | EPSS 0.00095
Exploits: 0 | References: 3
CVE (added 2026/04/10 5:56 p.m., 7 views)

CVE-2026-32892

CVE-2026-32892 affects Chamilo LMS before 1.11.38 and 2.0.0-RC.3. The vulnerability is an OS command injection in the move() function of fileManage.lib.php, where user-controlled path values are concatenated into shell commands (e.g., exec("mv $source $target")) without escaping. The move_to POST...

CVSS 9.1 | AI score 6.1 | EPSS 0.00095
Exploits: 0 | References: 3 | Affected Software: 1
NVD (added 2026/04/10 5:17 p.m., 2 views)

CVE-2026-35602

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

CVSS 7.1 | EPSS 0.00047
Exploits: 1 | References: 3
Vulnrichment (added 2026/04/10 4:10 p.m., 0 views)

CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

CVSS 5.4 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 3
CVE (added 2026/04/10 4:10 p.m., 8 views)

CVE-2026-35602

Summary: CVE-2026-35602 affects Vikunja prior to v2.3.0, where the file import endpoint uses the attacker-controlled Size from the JSON metadata instead of the decompressed file length to enforce max file size, allowing an attacker to bypass the limit by setting Size to 0. This leads to potential...

CVSS 7.1 | AI score 5.7 | EPSS 0.00047
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist (added 2026/04/10 4:10 p.m., 23 views)

CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

CVSS 5.4 | EPSS 0.00047
Exploits: 1 | References: 3