Lucene search
+L

178 matches found

CVE
CVE
added 3 days ago10 views

CVE-2026-52891

Wekan prior to v9.07 is vulnerable to command execution via avatar upload. The avatar filename is embedded in shell commands in models/avatars.js and models/fileValidation.js, allowing shell metacharacters (e.g., ` and $( ) to run commands on the server through child_process.exec(). Impact: high ...

9.9CVSS6.2AI score0.00403EPSS
Exploits0References3
OSV
OSV
added 3 days ago3 views

CVE-2026-52891 Wekan: Shell Injection via Avatar Upload

Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to childprocess.exec for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename...

9.9CVSS6.2AI score0.00403EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-36546

Koel: Server-Side Request Forgery SSRF in radio station creation due to missing validation bail...

6.3CVSS6.1AI score0.0016EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/07/10 3:45 p.m.9 views

CVE-2026-15376 Eleveo Call Recording Software statisticReportAction.do improper authorization

A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been made public and could be used. The vendor...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 3:0 p.m.7 views

CVE-2026-15374

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates on CVE-2026-15374 affecting Eleveo Call Recording Software 9.7.0, specifically the /callrec/roleAddAction.do improper authorization vulnerability.

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
OSV
OSV
added 2026/07/09 6:28 p.m.4 views

CVE-2026-59149 Mockoon: Path traversal in templated `filePath` lets a request escape the served directory (prefix-only base check)

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath embeds request data is confined by getSafeFilePath in packages/commons-server/src/libs/server/server.ts with resolvedPath.startsWithstaticBaseDir. That prefix test has no path-separator boundary, so a...

6.5CVSS6.1AI score0.0033EPSS
Exploits0References7
CVE
CVE
added 2026/07/09 6:27 p.m.14 views

CVE-2026-59148

The CVE covers Mockoon prior to version 9.7.0, where the admin API was mounted on the same Express listener as user mock routes with default-enabled, unauthenticated access and permissive CORS (Access-Control-Allow-Origin: ). This allowed any unauthenticated client on the mock server port to: rea...

8.8CVSS6AI score0.00173EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.41 views

CVE-2026-27404 WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in LMS = 9.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 9:14 a.m.6 views

WordPress ProfileGrid plugin <= 5.9.9.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.9...

8.8CVSS6.1AI score0.00142EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/25 7:16 p.m.5 views

UBUNTU-CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36991

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 8:41 p.m.36 views

CVE-2026-48714 i18next-http-middleware missingKeyHandler does not reject keys whose segments contain prototype-polluting names

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. In versions prior to 3.9.7, the missingKeyHandler blocked the literal request-body keys proto, constructor, and prototype added in 3.9.3, see GHSA-5fgg-jcpf-8jjw, but did not...

9.1CVSS0.00419EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.28 views

PT-2026-49426

Subscriber Broken Access Control in ChatBot = 7.9.7 versions...

7.1CVSS5.1AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:51 p.m.26 views

CVE-2026-50552

Koel (open-source music streaming) is affected prior to version 9.7.1 by a Server-Side Request Forgery (SSRF) in the radio station creation endpoint (POST /api/radio/stations). The url validation rules are declared without bail, allowing the HasAudioContentType rule to issue HTTP requests even af...

6.3CVSS5.5AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:51 p.m.3 views

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS6AI score0.0016EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/26 8:1 p.m.19 views

EUVD-2026-31981

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan assertSafeBackendBundle. A malicious extension that ships a package.json with a preinstall,...

9.1CVSS6.2AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:0 p.m.8 views

CVE-2026-44449

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

9.1CVSS6AI score0.00451EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

OpenCTI 访问控制错误漏洞

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 6.9.7 contained a access control vulnerability. This vulnerability stemmed from incorrect Access Control Lists ACLs when users were editing relationship additions, potentially allowin...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References2
Rows per page
Query Builder