12415 matches found
LolLMS < 2.2.0 - Server-Side Request Forgery
A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...
CVE-2026-54572
creationtimestamp| type| source ---|---|--- 2026-07-14 23:00:43+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqncql57ag2c 2026-07-14 23:20:52+00:00| seen| https://bsky.app/profile/potato.software/post/3mqndun2muq2x 2026-07-15 00:24:24+00:00| seen|...
CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...
CVE-2026-54572
Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...
CVE-2026-61520
Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 prior to commit b4d23df contains a server-side request forgery vulnerability in the image proxy that allows authenticated attackers to trigger internal HTTP requests by embedding attacker-controlled URLs in BBCode image tags, which the pro...
CVE-2026-61520
The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...
CVE-2026-6851
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
CVE-2026-6851 Improper link resolution before file access in Bitdefender Total Security via Link Following (VA-13681)
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
EUVD-2026-43632
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
CVE-2026-6851
An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...
CVE-2026-6851
The CVE-2026-6851 entry concerns Bitdefender products on Windows: Bitdefender Total Security and Bitdefender Internet Security, specifically the File Shredder module. The vulnerability is described as an improper link resolution before file access (link following) that enables a less-privileged l...
CVE-2026-44761
creationtimestamp| type| source ---|---|--- 2026-07-14 00:56:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqkypxf4yz2v 2026-07-14 01:30:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116915740682728635 2026-07-14 01:30:27+00:00| seen|...
CVE-2026-44752
CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...
CVE-2026-61462
creationtimestamp| type| source ---|---|--- 2026-07-13 18:48:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqke5w7ni22d 2026-07-13 19:02:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkexp5qxn2t 2026-07-14 04:01:23+00:00| seen|...
CVE-2026-61958
creationtimestamp| type| source ---|---|--- 2026-07-13 11:37:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjm4cslsu2y 2026-07-13 11:37:42+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqjm4elph22m 2026-07-14 02:25:56+00:00| seen|...
CVE-2026-57424
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...
CVE-2026-6850
creationtimestamp| type| source ---|---|--- 2026-07-13 09:38:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjfgfdc4x26 2026-07-13 09:48:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjfycu6co22 2026-07-13 09:48:06+00:00| seen|...
Arbitrary Command Execution
GitHub CLI is vulnerable to Arbitrary Command Execution. The vulnerability is due to insufficient validation of JupyterLab URLs returned by a Codespace, where attacker-controlled non-loopback URLs such as vscode:// are passed to VS Code, allowing malicious Codespaces to execute arbitrary commands...
CVE-2026-57424
CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...
CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...