
999 matches found

NVD
added 2 days ago, 5 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS, 0.00314 EPSS
Exploits: 0, References: 1
CVE
added 2 days ago, 17 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits: 0, References: 1
EUVD
added 2 days ago, 4 views

EUVD-2026-40404

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10 CVSS, 5.8 AI score, 0.00314 EPSS
Exploits: 0, References: 1
EUVD
added 2 days ago, 4 views

EUVD-2026-40381

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9 CVSS, 6 AI score, 0.00288 EPSS
Exploits: 0, References: 1
Nuclei
added 4 days ago, 17 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8 CVSS, 7.2 AI score, 0.36164 EPSS
Exploits: 1, References: 5
Positive Technologies
added 5 days ago, 9 views

PT-2026-53221

Name of the Vulnerable Software and Affected Versions: Delta Electronics DTM Soft (affected versions not specified). Description: The software is susceptible to the deserialization of untrusted data, which can allow an attacker to execute arbitrary code. Real-world exploitation has been observed where...

8.4 CVSS, 6 AI score, 0.00388 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/20 12:0 a.m., 16 views

PT-2026-51133

Name of the Vulnerable Software and Affected Versions: Simple File List versions prior to 6.3.8. Description: The Simple File List plugin for WordPress contains a flaw where a missing authorization check on the frontmanage shortcode attribute allows authenticated attackers with contributor-level...

6.5 CVSS, 5.8 AI score, 0.00267 EPSS
Exploits: 0, References: 10
OSSF Malicious Packages
added 2026/06/17 9:35 p.m., 7 views

Malicious code in dotenv-sync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c91932ecf0decc2b900d3e3cd6effe3c4cb1c4ec5ddfd98cde2460facf9f7ae1 On Windows, src/envsync/init.py lines 39-44 unconditionally calls ctypes.CDLL on a bundled 2.9MB PE file parser.pyd at top-level import, wrapped in...

6.1 AI score
Exploits: 0, References: 5
OSSF Malicious Packages
added 2026/06/17 9:34 p.m., 8 views

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8 AI score
Exploits: 0, References: 5
OSV
added 2026/06/17 9:34 p.m., 6 views

MAL-2026-6081 Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

5.8 AI score
Exploits: 0, References: 5
OSV
added 2026/06/17 9:32 p.m., 17 views

MAL-2026-6083 Malicious code in syncagents (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aebf468a6887fb09002d4ae4aceab77e347034b389b02e252844f7d0d81fabd6 The PyPI package 'syncagents' impersonates the legitimate PyPI package 'agentsync' — the README, PKG-INFO, CHANGELOG, and project URLs all point at...

5.9 AI score
Exploits: 0, References: 6
Metasploit
added 2026/06/17 7:3 p.m., 155 views

NTLM Relay to Self (HTTP to LDAP) - Post Exploitation

This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...

5.4 AI score
Exploits: 0
EUVD
added 2026/06/12 7:32 p.m., 13 views

EUVD-2026-35397

TYPO3 CMS has Broken Access Control in its DataHandler...

5.3 CVSS, 5.2 AI score, 0.00238 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/06/09 12:0 a.m., 10 views

PT-2026-47743

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 13.0.0 through 13.4.31; TYPO3 CMS versions 14.0.0 through 14.3.3. Description: Backend users can move records to a different page even if they lack the necessary edit permissions on the source page. Recommendations: Update TYPO3...

5.3 CVSS, 5.2 AI score, 0.00238 EPSS
Exploits: 0, References: 9
CNNVD
added 2026/06/09 12:0 a.m., 8 views

TYPO3 CMS Security Vulnerability

TYPO3 CMS is a content management system developed under the TYPO3 open source project. Versions 13.0.0–13.4.31 and 14.0.0–14.3.3 of TYPO3 CMS have security vulnerabilities. These vulnerabilities stem from the ability of users at the backend to move records to different pages without the necessar...

5.3 CVSS, 5.4 AI score, 0.00238 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/06/05 7:40 p.m., 8 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9 CVSS, 5.5 AI score, 0.00242 EPSS
Exploits: 0, References: 1
The Hacker News
added 2026/06/04 3:10 p.m., 17 views

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that ...

5.6 AI score
Exploits: 0
Talos Blog
added 2026/06/04 12:5 p.m., 10 views

Winning the cyber marathon with Tony Giandomenico

In the high-speed world of cybersecurity, the difference between a breach and a breakthrough often comes down to endurance. Tony Giandomenico, Senior Director of Product Management with Cisco Talos, joins me to discuss how he balances the intensity of leading major product launches with the...

5.7 AI score
Exploits: 0
Github Security Blog
added 2026/05/29 10:6 p.m., 22 views

Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders

Summary: modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folderuuid. The move_save handler then operates on a separate URL parameter fileuuid and calls File::moveToFolder($destFolderUUID). File::moveToFolder checks the upload...

5.7 AI score, 0.00032 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/05/29 6:3 p.m., 19 views

CVE-2026-47740

Shopper: Authorization bypass vulnerability in a headless e-commerce Admin Panel. Before 2.8.0, multiple Filament actions on the admin Order detail and Order shipments tables could be invoked by an authenticated user with only read_orders or browse_orders permissions, without needing edit_orders....

8.1 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 2