Lucene search
+L

5066 matches found

cve
cve
added 2 hours ago4 views

CVE-2026-62230

Grav

8.7CVSS6.1AI score
Exploits0References2
nuclei
nuclei
added yesterday19 views

Kramer VIAware - Privilege Escalation and Remote Code Execution

Kramer VIAware, all tested versions, allow privilege escalation and remote code execution due to misconfigured sudo permissions. Attackers can execute arbitrary system commands remotely if the web interface is accessible, due to vulnerabilities in the handling of privileged operations through...

10CVSS7.6AI score0.70753EPSS
Exploits5References5
nuclei
nuclei
added yesterday502 views

InfluxDB <1.7.6 - Authentication Bypass

InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret aka shared secret. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS6.9AI score0.30921EPSS
Exploits3References5
nuclei
nuclei
added yesterday38 views

GeoServer - Missing Authorization on REST API Index

GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information. id: CVE-2025-27505 info: name: GeoServer - Missing Authorization on REST API Index author: securitytaters severity: medium...

5.3CVSS6.1AI score0.01022EPSS
Exploits0References3
nuclei
nuclei
added yesterday100 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6.1AI score0.01959EPSS
Exploits0References2
nuclei
nuclei
added yesterday102 views

ResourceSpace - Metadata Export

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value. id: CVE-2022-31260 info: name: ResourceSpace - Metadata Export author: ritikchaddha severity: medium description: | In Montala ResourceSpace...

6.5CVSS6.7AI score0.01862EPSS
Exploits1References2
nuclei
nuclei
added yesterday7 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS6.1AI score0.03016EPSS
Exploits2References2
nuclei
nuclei
added yesterday21 views

Open WebUI < 0.9.5 - Information Disclosure

Open WebUI 0.9.5 contains an information disclosure vulnerability caused by unauthenticated access to GET /api/v1/retrieval/ endpoint, letting remote attackers retrieve live RAG pipeline configuration without authorization, exploit requires no authentication. id: CVE-2026-45397 info: name: Open...

5.3CVSS6.2AI score0.0072EPSS
Exploits1References3
nuclei
nuclei
added yesterday51 views

Boa 0.94.13 - Information Disclosure

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE- multiple third parties report that this is a site-specific issue because those files are not par...

7.5CVSS7.1AI score0.10329EPSS
Exploits2References2
nvd
nvd
added 2 days ago5 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS0.00105EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago3 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS6.1AI score0.00105EPSS
Exploits0References2
euvd
euvd
added 2 days ago7 views

EUVD-2026-44779

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS6.1AI score0.00105EPSS
Exploits0References1
nvd
nvd
added 2 days ago6 views

CVE-2026-61736

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS0.00305EPSS
Exploits0References6
nvd
nvd
added 2 days ago5 views

CVE-2026-56400

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9.6CVSS0.00264EPSS
Exploits1References2
cve
cve
added 2 days ago5 views

CVE-2026-56400

open-webui before 0.3.14 is described as vulnerable to a cross-origin resource sharing misconfiguration that allows arbitrary origins (allow_origins=*) and authenticated requests to the /api/v1/functions endpoint. The result is remote code execution by crafting malicious cross-site requests from ...

9.6CVSS6.3AI score0.00264EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2 days ago32 views

CVE-2026-56400 open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS0.00264EPSS
Exploits1References2
nvd
nvd
added 3 days ago5 views

CVE-2026-46637

Twig is a template language for PHP. Prior to 3.26.0, several filters in twig/markdown-extra and twig/cssinliner-extra are registered with issafe = all, causing Twig to treat plain text or HTML output as safe in HTML, JavaScript, CSS, URL, and other contexts where the output is not properly...

5.4CVSS0.00175EPSS
Exploits0References4
osv
osv
added 3 days ago4 views

GHSA-Q3FV-X8VG-QQM4 Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser

Summary When Trivy scans a Helm chart archive .tgz, its custom tar unpacker reads each entry with io.ReadAlltr and no size limit. An attacker who can place a malicious .tgz file in the scanned path can craft a small compressed archive that decompresses to gigabytes, causing the Trivy process to b...

8.7CVSS6.1AI score0.0025EPSS
Exploits0References6
thn
thn
added 3 days ago18 views

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth...

6.1AI score
Exploits0
cvelist
cvelist
added 3 days ago29 views

CVE-2026-44768 Security misconfiguration in SAP CRM (WebClient UI)

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
Rows per page
Query Builder