Lucene search
K

934397 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
CVE
CVE
added 15 minutes ago3 views

CVE-2026-50148 Metabase: Remote Code Execution via Snowflake JDBC Driver Arbitrary File Write

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...

10CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 15 minutes ago2 views

CVE-2026-50148 Metabase: Remote Code Execution via Snowflake JDBC Driver Arbitrary File Write

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...

10CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 16 minutes ago1 views

CVE-2026-62294

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS
Exploits0References4
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS
Exploits0References4
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61736

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS
Exploits0References6
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61835

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, the SSRF protection on Directus's file-import-from-URL feature can be bypassed using the address 0.0.0.0 because api/src/request/is-denied-ip.ts treats 0.0.0.0 as a keyword for local interfaces but...

7.7CVSS
Exploits0References4
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61836

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS
Exploits0References4
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61644

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS
Exploits0References4
NVD
NVD
added 16 minutes ago1 views

CVE-2026-61646

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...

6.3CVSS
Exploits0References2
NVD
NVD
added 16 minutes ago1 views

CVE-2026-55723

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS
Exploits0References1
NVD
NVD
added 16 minutes ago1 views

CVE-2026-54560

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS
Exploits0References3
NVD
NVD
added 16 minutes ago1 views

CVE-2026-54562

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS
Exploits0References3
NVD
NVD
added 17 minutes ago1 views

CVE-2026-33213

Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...

6.1CVSS
Exploits0References2
GithubExploit
GithubExploit
added 20 minutes ago2 views

SuperAlts-Discord-Services-Pentest

SuperAlts Security Assessment Executive Summary This repo...

Exploits0
CVE
CVE
added 24 minutes ago2 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS0.00083EPSS
Exploits0References4
Cvelist
Cvelist
added 24 minutes ago2 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS0.00083EPSS
Exploits0References4
CVE
CVE
added 27 minutes ago3 views

CVE-2026-45806 Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in...

7.7CVSS0.00032EPSS
Exploits1References2
Cvelist
Cvelist
added 27 minutes ago2 views

CVE-2026-45806 Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in...

7.7CVSS0.00032EPSS
Exploits1References2
CVE
CVE
added 30 minutes ago9 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.00053EPSS
Exploits0References4
Rows per page
Query Builder