Lucene search
+L

2427759 matches found

Cvelist
Cvelist
added 50 minutes ago4 views

CVE-2026-16073 AstrBotDevs AstrBot T2I Feature base.py NetworkRenderStrategy.render cross site scripting

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS
Exploits0References5
CVE
CVE
added 50 minutes ago3 views

CVE-2026-16073 AstrBotDevs AstrBot T2I Feature base.py NetworkRenderStrategy.render cross site scripting

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS3.4AI score
Exploits0References5
NVD
NVD
added 1 hour ago5 views

CVE-2026-63309

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS
Exploits0References3
NVD
NVD
added 1 hour ago4 views

CVE-2026-63101

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...

8.7CVSS
Exploits0References2
NVD
NVD
added 1 hour ago5 views

CVE-2026-63308

Helm through 4.2.3, fixed in commit ba6c9a2, contains a denial of service vulnerability in the Files.Lines template helper in pkg/engine/files.go that allows attackers to trigger an index out of range panic by including zero-length byte slices in chart files. Attackers can include empty files in...

5.3CVSS
Exploits0References4
NVD
NVD
added 1 hour ago3 views

CVE-2026-63307

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/id endpoint. The handler calls dataSourceService.queryExistentid, ... without an ownership check and returns the decrypted password field, allowing any authenticated non-admin use...

7.1CVSS
Exploits0References3
NVD
NVD
added 1 hour ago5 views

CVE-2026-57860

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
The Hacker News
The Hacker News
added 1 hour ago4 views

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, an...

5.7AI score
Exploits0
F5 Networks
F5 Networks
added 2 hours ago2 views

K000162312: Linux kernel vulnerability CVE-2022-50865

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in tcpaddbacklog, the variable limit is caculated by adding skrcvbuf, sksndbuf and...

5.4AI score0.00168EPSS
Exploits0Affected Software1
NVD
NVD
added 2 hours ago3 views

CVE-2026-63099

TheHive through 4.1.24 contains a broken object-level authorization vulnerability in the attachment download endpoints that allows any authenticated user to access attachments belonging to other organizations by supplying a content-hash identifier. Attackers can exploit the missing...

7.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-63100

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-63097

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-63098

TheHive through 4.1.24 contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by sending a GET request to the /api/status endpoint, which lacks authentication enforcement in the StatusCtrl.scala handler...

6.9CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-63095

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...

7.1CVSS
Exploits0References2
NVD
NVD
added 2 hours ago5 views

CVE-2026-63096

Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...

6.9CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-63309

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS5.3AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 hours ago8 views

CVE-2026-63309 SurrealDB < 3.1.5 Information Disclosure via ORDER BY

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-45215

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS5.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago5 views

CVE-2026-63309 SurrealDB < 3.1.5 Information Disclosure via ORDER BY

SurrealDB before 3.1.5 fail to apply field-level SELECT permissions to ORDER BY clauses, allowing authenticated users to leak the relative ordering of restricted field values. Attackers can issue ORDER BY queries on indexed restricted fields to recover the hidden values' sort order across records...

5.3CVSS5.3AI score
Exploits0References3
CVE
CVE
added 2 hours ago6 views

CVE-2026-63309

CVE-2026-63309 affects SurrealDB prior to 3.1.5. The issue occurs because field-level SELECT permissions are not applied to ORDER BY clauses, allowing authenticated users to infer the relative ordering of restricted-field values. Attackers can issue ORDER BY queries on indexed restricted fields t...

5.3CVSS5.3AI score
Exploits0References3
Rows per page
Query Builder