Lucene search
K

85 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-40008 Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

0.00332EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42193

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/27 12:30 a.m.6 views

EUVD-2026-39924

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS5.9AI score0.00459EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/27 12:30 a.m.7 views

EUVD-2026-39927

A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or...

8.6CVSS5.9AI score0.004EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 11:17 p.m.14 views

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.8CVSS0.00459EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 10:48 p.m.16 views

CVE-2026-33560

The CVE-2026-33560 issue affects the DMP-5000 file service, where an authenticated user can upload files of any type without validation, because there is no file-extension filtering or content inspection, allowing executable binaries/scripts to be written to the server. The vulnerability stems fr...

8.8CVSS5.9AI score0.00459EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 10:48 p.m.56 views

CVE-2026-33560 Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS0.00459EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:48 p.m.8 views

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS5.9AI score0.00459EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52989

Name of the Vulnerable Software and Affected Versions DMP-5000 affected versions not specified Description The file service allows authenticated users to upload files of any type without validation. The system does not enforce file extension filtering or content inspection, which enables the uplo...

8.8CVSS5.8AI score0.00459EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:50 p.m.7 views

CVE-2026-54033

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...

7.7CVSS5.9AI score0.00207EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48315

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.23 Spring Security versions 5.8.0 through 5.8.25 Spring Security versions 6.3.0 through 6.3.16 Spring Security versions 6.4.0 through 6.4.16 Spring Security versions 6.5.0 through 6.5.10 Spring Securi...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

4.6CVSS5.2AI score0.00132EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.14 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS5.9AI score0.12797EPSS
Exploits9References4
EUVD
EUVD
added 2026/05/27 2:13 p.m.11 views

EUVD-2026-32508

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.22 views

PT-2026-44010

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44012

Name of the Vulnerable Software and Affected Versions Jenkins Active Directory Plugin versions prior to 2.42 Description The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performe...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 4:21 p.m.54 views

CVE-2026-43989 JunoClaw: upload_wasm accepted arbitrary filesystem paths without validation

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS0.00147EPSS
Exploits0References3
Rows per page
Query Builder