Lucene search
+L

2030 matches found

Nuclei
Nuclei
added yesterday62 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.4AI score0.03613EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday31 views

Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()

Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...

9.8CVSS9.5AI score0.10371EPSS
Exploits8References3
NVD
NVD
added 3 days ago10 views

CVE-2024-34268

EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication...

7.1CVSS0.00206EPSS
Exploits0References2
OSV
OSV
added 3 days ago8 views

CVE-2026-46562 Yamcs: Remote Code Execution via Mission Database algorithm override

Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java was constructed without a ClassFilter, so a user with the...

9.8CVSS6.3AI score0.0062EPSS
Exploits0References7
CVE
CVE
added 3 days ago12 views

CVE-2026-35148

HCL DFXServer is affected by a Missing Access Control vulnerability (CVE-2026-35148). The issue allows certain endpoints to be accessed without authentication in another browser, enabling any network user to invoke APIs without verification of identity or authorization. CVSS v3.1 base score: 6.3 ...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2024-34268

CVE-2024-34268 affects the EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat. The issue is that firmware up to 1.46 allows unsecured Bluetooth connections, enabling attackers to gain full access to the device without authentication. The CVSS v3.1 metrics from the entry indicate: AV Adjacen...

7.1CVSS6.1AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2024-34268

EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication...

7.1CVSS0.00206EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 4 days ago13 views

@andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default

Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default :3080 / 0.0.0.0:3080 instead of localhost-only, and its document-management API endpoints do not require...

6.3AI score
Exploits0References4Affected Software1
CVE
CVE
added 4 days ago6 views

CVE-2026-61427

PraisonAI before 4.6.78 has an authentication bypass in the MCP HTTP-stream transport: running with --transport http-stream and no API key allows unauthenticated clients to initialize sessions, enumerate tools (tools/list), and invoke tools (tools/call). The dispatcher forwards tool-call argument...

7.3CVSS6.1AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 4 days ago16 views

CVE-2026-13230

The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...

5.3CVSS6.1AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago40 views

CVE-2026-13230 Information Disclosure Vulnerability in Local Discovery Response in TP-Link Kasa EC70 and EC71

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-58866

Name of the Vulnerable Software and Affected Versions TP-Link Kasa EC70 v4 TP-Link Kasa EC71 v4 Description An information disclosure issue exists in the local discovery mechanism. This flaw allows an unauthenticated attacker on the same local network to retrieve sensitive geolocation information...

5.3CVSS5.2AI score0.00246EPSS
Exploits0References8
NVD
NVD
added 5 days ago5 views

CVE-2025-56361

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

7.5CVSS0.00398EPSS
Exploits1References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43603

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS6.1AI score0.00434EPSS
Exploits0References3
CVE
CVE
added 5 days ago7 views

CVE-2025-56361

Summary: A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3–1.4 within the Level Control cluster server tick logic (emberAfLevelControlClusterServerTickCallback). If a MoveToLevel command is followed by a conflicting write to the OperationMode attribute in the Pump...

7.5CVSS6AI score0.00398EPSS
Exploits1References2Affected Software1
Zero Science Lab
Zero Science Lab
added 5 days ago36 views

SIP Sustainable Irrigation Platform 5.x (nr-url) Blind SSRF

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.5CVSS6.2AI score0.00261EPSS
Exploits2
NVD
NVD
added 6 days ago6 views

CVE-2026-15680

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-15680

CVE-2026-15680 affects Lorex 2K Indoor Wi‑Fi Security Camera. The vulnerability is in the sonia binary’s JSON request parsing, where lack of validation of a user‑supplied string used as a format specifier can allow a network‑adjacent attacker to execute arbitrary code with root privileges. Authen...

7.5CVSS7.3AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15680 Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-15685

CVE-2026-15685 affects Ollama, with the vulnerability located in the downloadBlob function where user-supplied data is not properly validated, allowing an out-of-bounds memory access and resulting in a denial-of-service condition. The issue, linked to ZDI-CAN-27277, can be triggered remotely with...

7.5CVSS7AI score0.00391EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder