Lucene search
+L

3128 matches found

CVE
CVE
added 2026/05/20 4:6 p.m.98 views

CVE-2026-20223

Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...

10CVSS5.8AI score0.00835EPSS
Exploits1References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/15 12:0 a.m.7 views

[20260707] - Core - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.40 views

CVE-2026-31240

The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records PUT /memories/memoryid are exposed without any verification of the requester's identity or permissions. A remote attacker can exploit...

0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 6:10 a.m.13 views

BELL-CVE-2026-43217

Bulletin has no description...

5.5CVSS6AI score0.00126EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 4:16 a.m.18 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS0.00394EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/04 9:42 a.m.18 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
OSV
OSV
added 2026/04/28 10:20 a.m.7 views

MINI-VRGX-VHPJ-3VPM

Bulletin has no description...

6.9CVSS4.9AI score0.00527EPSS
Exploits0
OSV
OSV
added 2026/04/28 9:15 a.m.4 views

MINI-PPPW-6JRW-8WXR

Bulletin has no description...

6.3CVSS4.8AI score0.00395EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

SenseLive X3050 访问控制错误漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain an information leakage vulnerability. This vulnerability stems from the lack of authentication mechanisms, which may lead to information leaks...

5.3CVSS5.8AI score0.00367EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 4:16 p.m.3 views

DEBIAN-CVE-2026-23449

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...

7.8CVSS5.3AI score0.00129EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 3:33 a.m.7 views

Ech0: Unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata

Summary The GET /api/website/title endpoint accepts an arbitrary URL via the websiteurl query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network...

7.2CVSS6AI score0.00289EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Microsoft Azure MCP Server 访问控制错误漏洞

Microsoft Azure MCP Server is a core server component developed by Microsoft Corporation in the United States, used for managing and coordinating services and resources on the Azure cloud platform. There is an access control vulnerability in Microsoft Azure MCP Server; this vulnerability stems fr...

9.1CVSS5.8AI score0.00827EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.6 views

CVE-2026-33580

OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge inbound webhook events by repeatedly attempting...

6.5CVSS5.9AI score0.00365EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/31 12:0 a.m.7 views

HCL Aftermarket DPC SQL Injection Vulnerability

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to execut...

8.3CVSS6AI score0.00271EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/26 10:5 p.m.22 views

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

9.1CVSS6.9AI score0.00348EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.10 views

CVE-2026-30946

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior 9.5.2-alpha.2 and 8.6.15, an unauthenticated attacker can exhaust Parse Server resources CPU, memory, database connections through crafted queries that exploit the lack of complexity limi...

8.7CVSS5.7AI score0.00562EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/25 9:57 p.m.270 views

cross-site-scripting-lab

XSS Lab Documentation Overview What Is Cross-Site Scr...

6.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/23 3:23 p.m.11 views

CVE-2026-33488

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...

7.4CVSS5.7AI score0.00251EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 11:17 p.m.3 views

CVE-2026-32666

WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed at either the WebCTRL server or associated...

7.5CVSS5.8AI score0.00328EPSS
Exploits0References4
Rows per page
Query Builder