Lucene search
+L

3536 matches found

NVD
NVD
added yesterday4 views

CVE-2026-56349

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-56349 n8n - Guardrail Node Bypass via Crafted Input

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday9 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

9.8CVSS6.6AI score0.03135EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday14 views

WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS

Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by unsanitized input in open-tab parameter in wp-admin/edit.php and wp-cta-variation-id parameter in ab-testing-call-to-action-example/, letting remote attackers inject arbitrary web script or HTML, exploit requires...

6.1CVSS6.5AI score0.02645EPSS
Exploits3References5
CVE
CVE
added 2 days ago29 views

CVE-2026-48801

Linkify-it (linkify-it) prior to version 5.0.1 has an O(N^2) scan loop in LinkifyIt.prototype.match, making inputs with many fuzzy links or emails vulnerable to resource exhaustion on a request hot path that renders untrusted Markdown with linkify: true. The issue arises from re-slicing input and...

8.7CVSS6.1AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-15736

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-43570

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in Discord guild actions that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip cross-provider requester...

8.1CVSS6.2AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-62194 OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate...

8.8CVSS0.00251EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-56366

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

6.5CVSS6.1AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-41876

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-41876

CVE-2026-41876 affects R-SOFT DMS. The vulnerability is an OS Command Injection in konwertujAction(), where the document converter executes shell commands using unsanitized file paths and format parameters, allowing an authenticated attacker to run arbitrary commands with the web server user’s pr...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago9 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.00191EPSS
Exploits1References7
EUVD
EUVD
added last week9 views

EUVD-2026-42657

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...

8.8CVSS6.2AI score0.00417EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/07/09 3:9 a.m.3 views

SUSE CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

7.3CVSS6.3AI score0.00498EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.00191EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.40 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.00191EPSS
Exploits1References4
CVE
CVE
added 2026/07/08 7:32 p.m.11 views

CVE-2026-44512

Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...

5.5CVSS6AI score0.00191EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/08 7:32 p.m.6 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 4:3 p.m.8 views

PYSEC-2026-1448 libsodium has Incomplete List of Disallowed Inputs

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory...

4.5CVSS6AI score0.00166EPSS
Exploits0References16
Rows per page
Query Builder