Lucene search
+L

3615 matches found

cve
cve
added 6 days ago7 views

CVE-2026-57475

Deloitte AI Assist for Customer had an unauthenticated POST vulnerability on public API endpoints that allowed a remote attacker to perform limited additions to the configuration. These changes were not used by the system. On 2026-03-25, access was restricted and authentication enforced for the e...

6.9CVSS6.2AI score0.0034EPSS
Exploits0References4
euvd
euvd
added 2026/07/02 5:5 p.m.10 views

EUVD-2024-55647

Landray OA contains an unauthenticated HQL injection vulnerability that allows unauthenticated attackers to query arbitrary Hibernate entity classes by injecting malicious HQL syntax into the uid POST parameter of the wechatLoginHelper.do endpoint. Attackers can exploit the lack of input...

8.7CVSS6.2AI score0.00564EPSS
Exploits0References4
euvd
euvd
added 2026/06/11 10:13 a.m.10 views

EUVD-2026-36221

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

9.4CVSS5.5AI score0.00207EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/11 10:13 a.m.30 views

CVE-2026-4764 Privilege Escalation in Dialogflow CX via Playbook Import

A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potentially take over a GCP project using a maliciously crafted playbook import. This vulnerability was...

9.4CVSS0.00207EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.10 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS6AI score0.00475EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33583

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.5AI score0.00208EPSS
Exploits0References1
wordfence
wordfence
added 2026/05/29 4:23 p.m.31 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2AI score
Exploits0
nvidia
nvidia
added 2026/05/26 12:0 a.m.24 views

Security Bulletin: NVIDIA Merlin - May 2026

NVIDIA has released a software update for NVIDIA® Merlin. To protect your system, clone or update this software to include any commit after March 11, 2026 from the NVIDIA-Merlin/Transformers4Rec GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential...

7.8CVSS5.9AI score0.00416EPSS
Exploits0Affected Software1
euvd
euvd
added 2026/05/13 9:32 p.m.26 views

EUVD-2026-30113

Exposure of the QKEY used as input into the ‘OTA-Quantum’ device registration process and internal system keys via an unauthenticated and unencrypted HTTP GET method in the Arqit Symmetric Key Agreement Platform. This issue affects Symmetric Key Agreement Platform: before 26.03...

8.7CVSS5.8AI score0.00208EPSS
Exploits0References2
cve
cve
added 2026/04/29 4:46 a.m.35 views

CVE-2026-21023

The vulnerability CVE-2026-21023 affects PackageManagerService prior to SMR Mar-2026 Release 1, enabling local attackers to modify installation restrictions on specific apps. Root cause: insufficient verification of data authenticity in PackageManagerService. Impact per the sources: trivial local...

6.9CVSS5.2AI score0.00104EPSS
Exploits0References1Affected Software1
thn
thn
added 2026/04/27 2:19 p.m.8 views

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that...

5.9AI score
Exploits0
vulnrichment
vulnrichment
added 2026/04/21 7:15 p.m.4 views

CVE-2026-40873 mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment filenames into HTML without escaping, allowing arbitrary HTML/JS execution. An attacker can deliver an email with a crafted attachment name s...

8.9CVSS5.9AI score0.00325EPSS
Exploits0References1
nessus
nessus
added 2026/04/17 12:0 a.m.5 views

Security Updates for Microsoft Windows Admin Center in Azure Portal (March 2026)

The Microsoft Windows Admin Center in Azure Portal installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability: - Elevation of Privilege vulnerability in Windows Admin Center in Azure Portal CVE-2026-23660 Note that Nessus has not tested for this issue...

7.8CVSS5.8AI score0.00308EPSS
Exploits0References2
mskb
mskb
added 2026/04/14 2:0 p.m.8 views

April 14, 2026—KB5082123 (OS Build 17763.8644)

None None...

8.8CVSS6.8AI score0.03447EPSS
Exploits6
githubexploit
githubexploit
added 2026/04/09 6:11 a.m.206 views

Exploit for CVE-2026-40271

Lazarus Group: 19-Day A/B Test Campaign Analysis TLP:CLEA...

6AI score
Exploits1
github
github
added 2026/04/08 12:18 a.m.12 views

Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

CVSSv3.1 Rating: Medium CVSSv3.1 Score: 5.9 CVSSv3.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Summary and Impact An issue exists in the the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame...

5.9AI score
Exploits0References3Affected Software12
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.9 views

PT-2026-31394

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances Description An SQL injection flaw exists in SonicWall SMA1000 series appliances. A remote authenticated attacker with read-only administrator privileges can escalate privileges to primary administrator. The...

9CVSS7.2AI score0.00613EPSS
Exploits0References13
osv
osv
added 2026/04/07 6:14 p.m.6 views

GHSA-WPC6-37G7-8Q4W OpenClaw: Shell init-file options could satisfy exec allowlist script matching

Summary Before OpenClaw 2026.3.31, exec allowlist matching could treat shell init-file wrapper invocations as if the approved script itself were being executed. Shell options such as --rcfile, --init-file, and --startup-file could therefore inherit allowlist trust from a matched script path even...

7.3CVSS6.1AI score0.00118EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/07 12:0 a.m.13 views

PT-2026-30819

Name of the Vulnerable Software and Affected Versions Weaver Fanwei E-cology versions prior to 20260312 Description An unauthenticated remote code execution flaw exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the...

9.8CVSS7AI score0.2148EPSS
Exploits1References69
euvd
euvd
added 2026/04/06 4:8 p.m.4 views

EUVD-2026-19354

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...

9.8CVSS5.8AI score0.00234EPSS
Exploits0References5
Rows per page
Query Builder