Lucene search
+L

321 matches found

CVE
CVE
added yesterday14 views

CVE-2026-52869

The MCP Python SDK (mcp on PyPI) has a vulnerability affecting versions prior to 1.27.2 in its SSE and stateful Streamable HTTP transports. These transports (mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.StreamableHTTPSessionManager) route requests to an existing sessio...

7.1CVSS6.1AI score0.00054EPSS
Exploits0References6
CVE
CVE
added 4 days ago15 views

CVE-2026-15509

Leantime up to 3.8.0 is affected by a vulnerability in the JSON-RPC Endpoint functions editUser/addUser where manipulating the role argument leads to improper authorization. The issue is exploitable remotely and has been publicly disclosed; vendor response was not provided. Affected impact includ...

6.5CVSS6.2AI score0.00333EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-15509 Leantime JSON-RPC Endpoint addUser improper authorization

A vulnerability has been found in Leantime up to 3.8.0. This impacts the function editUser/addUser of the component JSON-RPC Endpoint. The manipulation of the argument role leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed to the...

6.5CVSS0.00333EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 9:16 p.m.11 views

CVE-2026-59712

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS0.0025EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:43 p.m.19 views

CVE-2026-59712

According to the connected NVD records, CVE-2026-59712 affects Leantime’s JSON-RPC API via the Users::getUser method. The vulnerability arises from missing authorization checks, enabling authenticated users to call users.getUser with arbitrary user IDs and enumerate accounts. The outcome is expos...

8.6CVSS6AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.7 views

Quest NetVault Backup Server < 14.0.2 Multiple Vulnerabilities

The version of Quest NetVault Backup Server running on the remote host is prior to 14.0.2. It is, therefore, affected by multiple vulnerabilities, including: - A cross-site scripting vulnerability in the viewclient webpage that allows remote attackers to bypass authentication. User interaction is...

8.8CVSS7.1AI score0.01373EPSS
Exploits0References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 p.m.8 views

Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/25 6:43 p.m.12 views

MAL-2026-6472 Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
EUVD
EUVD
added 2026/06/25 12:33 a.m.8 views

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.4AI score0.01373EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 12:17 a.m.8 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.10 views

CVE-2026-9787

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.01373EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.13 views

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 12:17 a.m.10 views

CVE-2026-7570

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9784

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.42 views

CVE-2026-9784 Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.37 views

CVE-2026-9783 Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.6 views

CVE-2026-9782

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:14 p.m.44 views

CVE-2026-9782 Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability

Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS0.00689EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:14 p.m.5 views

CVE-2026-9781

Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS7.8AI score0.00689EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52144

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBUDashboard JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from improper...

8.8CVSS6.3AI score0.00689EPSS
Exploits0References7
Rows per page
Query Builder