Lucene search
+L

2015 matches found

attackerkb
attackerkb
added yesterday5 views

CVE-2026-63086

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score
Exploits0References3
euvd
euvd
added yesterday5 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References2
nvd
nvd
added 2 days ago6 views

CVE-2026-63175

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS0.00295EPSS
Exploits0References1
cve
cve
added 2 days ago12 views

CVE-2026-63175

PlaywrightCapture has a vulnerability where capture-specific configuration and runtime data are stored as mutable class-level variables instead of instance-level vars on the Catchure object. This can allow multiple Capture objects in the same Python process to share state such as HTTP headers, co...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References1
nvd
nvd
added 2 days ago7 views

CVE-2026-58658

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS0.0039EPSS
Exploits0References3
euvd
euvd
added 2 days ago4 views

EUVD-2026-44750

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS6.1AI score0.0039EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago31 views

CVE-2026-58658 GPUStack Unauthenticated Information Disclosure via Worker Endpoints

GPUStack through 2.2.1, fixed in commit 4e20551, contains an unauthenticated information disclosure vulnerability that allows unauthenticated attackers to access sensitive inference logs and modify worker configuration by exploiting unprotected /serveLogs and /debug endpoints on the worker port...

8.8CVSS0.0039EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago36 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
cve
cve
added 2 days ago8 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
euvd
euvd
added 2 days ago5 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
f5
f5
added 2 days ago14 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score0.0083EPSS
Exploits0
f5
f5
added 2 days ago10 views

K000161971: NGINX Agent vulnerability CVE-2026-60062

Security Advisory Description The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A...

6.4CVSS5.8AI score0.00197EPSS
Exploits0Affected Software2
euvd
euvd
added 2 days ago6 views

EUVD-2026-44632

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS6.1AI score0.00246EPSS
Exploits0References2
redhatcve
redhatcve
added 2 days ago12 views

CVE-2026-14251

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score0.00223EPSS
Exploits0References3
cve
cve
added 4 days ago18 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score0.00283EPSS
Exploits0References5
ossf
ossf
added 4 days ago7 views

Malicious code in @sectest429/hello-npm-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...

6.4AI score
Exploits0References2
osv
osv
added 4 days ago4 views

MAL-2026-10478 Malicious code in @sectest429/hello-npm-world (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 479b9303d76a49dfacb402f0a906e32686b5d276e23f429678150e73e506550d The package advertises a single function module.exports = function helloname but ships a preinstall.js lifecycle script that runs automatically on np...

6.4AI score
Exploits0References2
nvd
nvd
added 4 days ago9 views

CVE-2026-49969

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

7.4CVSS0.00241EPSS
Exploits0References3
cvelist
cvelist
added 4 days ago35 views

CVE-2026-49969 Laravel-Mediable < 7.0.0 SSRF via RemoteUrlAdapter URL Handling

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

7.4CVSS0.00241EPSS
Exploits0References3
nvd
nvd
added last week6 views

CVE-2026-56765

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
Rows per page
Query Builder