Lucene search
K

2883113 matches found

CVE
CVE
added 19 minutes ago2 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS
Exploits0References3
Cvelist
Cvelist
added 19 minutes ago2 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS
Exploits0References3
NVD
NVD
added 25 minutes ago3 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS
Exploits0References2
The Hacker News
The Hacker News
added 45 minutes ago3 views

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who...

8.2CVSS6.5AI score0.00108EPSS
Exploits0
CVE
CVE
added 49 minutes ago15 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.0007EPSS
Exploits0References2
Cvelist
Cvelist
added 49 minutes ago2 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS0.0007EPSS
Exploits0References2
CVE
CVE
added 54 minutes ago11 views

CVE-2026-59161 Excelize: Streaming GetRows row-bound bypass causes attacker-controlled allocation

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS
Exploits0References4
Cvelist
Cvelist
added 54 minutes ago2 views

CVE-2026-59161 Excelize: Streaming GetRows row-bound bypass causes attacker-controlled allocation

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago4 views

Malicious code in ohcm-culture-formatting (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5679f4434881406ce5af055e04a3ab7403158df3404c928a7fbc67596d0e9631 [email protected] declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js uses...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago4 views

Malicious code in eth-react-redirection (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 581bd6ff87fb89c83d76fffd9fac9aab57039cd200f8d9f8991ce3a997511644 Package published as a React navigation library but ships code from an unrelated logger fork with an injected remote-execute payload. lib/levels.js...

6.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago5 views

Malicious code in rtc-integration-frontend-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector acfd49527fb8be1135feb424b68f6c46779ba146d8372d276eac1735770d6e5a [email protected] registers a postinstall lifecycle hook "postinstall": "node index.js" that fires automatically on npm install...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 1 hour ago4 views

Malicious code in type-plint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37979cc60cff25e26406f3426f0dd7aeac12c13e55402c89f78228080cac0ad9 The package advertises itself as a pino-style logger but its exported middleware spawns lib/caller.js as a detached Node child process. lib/caller.js...

6.3AI score
Exploits0References1
NVD
NVD
added 1 hour ago5 views

CVE-2026-61444

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS
Exploits0References2
NVD
NVD
added 1 hour ago4 views

CVE-2026-61437

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS
Exploits0References2
NVD
NVD
added 1 hour ago4 views

CVE-2026-59792

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible...

9.6CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS
Exploits0References2
CVE
CVE
added 1 hour ago3 views

CVE-2026-54149

MaxKB is affected by CVE-2026-54149 prior to version 2.10.0-lts. The vulnerability resides in tool import validation (apps/tools/serializers/tool.py) and MCP referencing mode (apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py), where MCP transport type is not consistently valid...

8.8CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS
Exploits0References2
GithubExploit
GithubExploit
added 1 hour ago20 views

Exploit for Argument Injection in Gnu Inetutils

🔥 Abyssal CVE-2026-24061 Telnet Vulnerability Scanner & Exp...

9.8CVSS7AI score0.98871EPSS
Exploits62
The Hacker News
The Hacker News
added 1 hour ago3 views

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...

6.1AI score
Exploits0
Rows per page
Query Builder