Lucene search
K

12444 matches found

RedHat Linux
RedHat Linux
added 14 hours ago4 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS6AI score0.00251EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 14 hours ago5 views

firefox: thunderbird: Sandbox escape in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component...

9.6CVSS6AI score0.00363EPSS
Exploits0References6
Nuclei
Nuclei
added 15 hours ago30 views

MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...

9.4CVSS7.5AI score0.38532EPSS
Exploits0References5
EUVD
EUVD
added 22 hours ago4 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 22 hours ago9 views

CVE-2026-44753 Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS
Exploits0References2
CVE
CVE
added yesterday10 views

CVE-2026-62186

OpenClaw is affected in versions before 2026.6.8 by an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. The issue allows lower-trust callers to bypass admin authorization policies and execute restricted operations via misconfigured input paths. Exploitation details ar...

7.6CVSS6.2AI score
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-62186 OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-57409

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DOM-Based XSS.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.1.0...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.00251EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS6AI score0.00251EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday6 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

6.5CVSS6AI score0.00248EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday4 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
EUVD
EUVD
added yesterday6 views

EUVD-2026-43277

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score0.00121EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added yesterday3 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
CVE
CVE
added 2 days ago17 views

CVE-2026-15511

Comfast CF-WR631AX V3 devices affected up to version 2.7.0.8; the FastCGI Backend’s /usr/bin/webmgnt module function system_wl_upload_pic_file accepts a manipulated filename, leading to OS command injection. Attacks can be remotely initiated; the exploit has been publicly disclosed and vendor res...

10CVSS6.7AI score0.0269EPSS
Exploits0References5
OSV
OSV
added 2 days ago3 views

MINI-C645-J392-74H9

Bulletin has no description...

9.1CVSS6.1AI score0.00466EPSS
Exploits0
OSV
OSV
added 2 days ago3 views

CVE-2026-56259 Crawl4AI - LLM Credential Exfiltration via base_url and Environment Variable Resolution

Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit the unauthenticated /md, /llm, and /llm/job endpoints by...

8.8CVSS6.2AI score0.00268EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-60088 PraisonAI before 4.6.78 Path Traversal via Custom Commands

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
Snyk
Snyk
added 4 days ago4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through the image process in open-sse/translator/concerns/image.js. An attacker can access internal-only HTTP services by...

7.4CVSS6.1AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-22660

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS0.00328EPSS
Exploits0References3
Rows per page
Query Builder