Lucene search
K

10404 matches found

Nuclei
Nuclei
added 10 hours ago127 views

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

6.1CVSS6.4AI score0.06788EPSS
Exploits3References5
Nuclei
Nuclei
added 10 hours ago90 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
NVD
NVD
added 4 days ago4 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago9 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-61437

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-61437 PraisonAI before 1.6.78 Remote Code Execution via tools.py

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS0.00129EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42900

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-61437

CVE-2026-61437 : PraisonAI (pip package praisonaiagents) prior to 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolve_pydantic_class. When a workflow step uses a string output_pydantic reference, the framework imports a sibling tools.py from the workflow directory ...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 4 days ago3 views

The vulnerability of the SP Page Builder component of the JoomShaper application software allows a hacker to execute arbitrary code.

The vulnerability of the SP Page Builder component of the JoomShape application software involves unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS6.4AI score0.01569EPSS
Exploits6References9Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57194

Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.6.78 Description An unsafe dynamic module loading issue exists in the AgentFlow. resolve pydantic class function. When a workflow step utilizes a string output pydantic reference, the framework imports a...

8.5CVSS6.4AI score0.00129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago6 views

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

5.9CVSS5.9AI score0.0037EPSS
Exploits0References11
CVE
CVE
added 6 days ago67 views

CVE-2026-55760

Handlebars.java (Java) CVE-2026-55760 affects the library when user-controlled input is passed to Handlebars.compile() using FileTemplateLoader or ClassPathTemplateLoader. Prior to version 4.5.2, this allows path traversal and arbitrary file reads via template names derived from URL path paramete...

7.5CVSS6AI score0.00414EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago5 views

openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects

A flaw was found in openCryptoki, a PKCS11 Cryptographic Token Interface Standard library. The BER/DER Basic Encoding Rules/Distinguished Encoding Rules decoding functions in the shared common library do not properly validate attacker-controlled length fields against actual buffer boundaries. Thi...

6.8CVSS6.1AI score0.0016EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/07 4:24 p.m.4 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS6.6AI score0.00212EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/07/07 11:46 a.m.4 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

9.8CVSS6.1AI score0.00429EPSS
Exploits0
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

7.8CVSS7.2AI score0.0075EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:33 p.m.6 views

CVE-2026-44362

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS6AI score0.00122EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:33 p.m.33 views

CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 6:52 p.m.4 views

CVE-2026-55379 Pillow BdfFontFile`: `Image.new()` called without `_decompression_bomb_check()` — bomb protection bypass via font loading

Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdfchar read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new without calling Image.decompressionbombcheck, bypassing Pillow's documented decompression bomb protection...

7.5CVSS6AI score0.00364EPSS
Exploits1References5
Rows per page
Query Builder