Lucene search
K

678 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-36111

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...

7.5CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday16 views

CVE-2026-50638 Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...

Exploits0References3
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-47748

Backend users with write access to the form definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS5.7AI score0.00027EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-48312

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00023EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-39861

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

10CVSS6.2AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-44830

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.5AI score0.00021EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 2:26 a.m.10 views

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

8.7CVSS5.8AI score0.00024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.8 views

PT-2026-46114

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalk die and ct die functions output the CleanTalk API response message directly into HTML without proper...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.9 views

PT-2026-46082

This module provides spam protection using the CleanTalk cloud service. The module doesn't sufficiently sanitize API response messages before rendering them in HTML output. The cleantalk die and ct die functions output the CleanTalk API response message directly into HTML without proper...

5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 10:1 p.m.4 views

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.8AI score0.00038EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/02 10:1 p.m.6 views

CVE-2026-42507

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

5.3CVSS5.8AI score0.00038EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/02 10:1 p.m.27 views

CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto

When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading content to errors that are printed or logged...

0.00038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.11 views

PT-2026-45875

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description Functions within the net/textproto package include input as part of the error when returning errors. This behavior allows an attacker to inject misleading content into errors that are subsequently...

5.3CVSS5.8AI score0.00038EPSS
Exploits0References30
Vulnrichment
Vulnrichment
added 2026/05/27 2:19 p.m.8 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS5.9AI score0.00021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:19 p.m.36 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS0.00021EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/25 9:0 a.m.7 views

EUVD-2026-31657

A vulnerability was detected in SourceCodester Simple POS and Inventory System 1.0. This issue affects the function delete of the file /admin/deleteproduct.php of the component GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be launched remotely...

5.8CVSS5.7AI score0.00036EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

7.5CVSS6.8AI score0.01104EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2026/05/21 10:20 a.m.5 views

CVE-2026-9082: Mitigating a Critical SQL Injection Vulnerability in Drupal

Learn how the complex Drupal SQLi vulnerability CVE-2026-9082 exploits PostgreSQL environments and its data theft risks — and how to ensure you’re protected...

9.8CVSS5.8AI score0.10403EPSS
Exploits11
Snyk
Snyk
added 2026/05/20 3:31 p.m.6 views

Command Injection

Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...

6.3CVSS6.2AI score
Exploits0References2
Rows per page
Query Builder