Lucene search
+L

2138 matches found

nvd
nvd
added yesterday5 views

CVE-2026-59255

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS
Exploits0References4
attackerkb
attackerkb
added yesterday3 views

CVE-2026-59255

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score
Exploits0References5
euvd
euvd
added yesterday4 views

EUVD-2026-44754

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday6 views

CVE-2026-59255

BloodHound (through 9.4.0) contains a missing authorization flaw in the custom-nodes API endpoints that lets any authenticated user modify the global graph schema by calling unprotected POST, PUT, and DELETE operations. The issue affects the custom-nodes management API and can affect all users/te...

7.1CVSS6.1AI score
Exploits0References4
cvelist
cvelist
added yesterday25 views

CVE-2026-59255 BloodHound Missing Authorization on Custom Node Management API

BloodHound through 9.4.0, fixed in commit 8f79035, contains a missing authorization vulnerability in the custom-nodes API endpoints that allows any authenticated user to modify the global graph schema. Attackers with valid session tokens can create, update, or delete custom node types affecting a...

7.1CVSS
Exploits0References4
nvd
nvd
added 2 days ago3 views

CVE-2026-49458

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizenode, INPLACE: true accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, documen...

6.1CVSS0.00288EPSS
Exploits0References3
cvelist
cvelist
added 3 days ago34 views

CVE-2026-15584 Redhatinsights/incluster-checks: incluster-checks: privileged host-chroot debug pods created in shared default namespace enable privilege escalation to node root

A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...

7.5CVSS0.00246EPSS
Exploits0References2
thn
thn
added 2026/07/09 4:1 a.m.13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
euvd
euvd
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25004

mknod: Device nodes created mislabeled on SELinux, with broken cleanup removedir on a node...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5
euvd
euvd
added 2026/07/06 8:21 p.m.10 views

EUVD-2026-24998

cp: -R reads device nodes as streams, destroying device semantics...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References6
osv
osv
added 2026/07/06 5:55 a.m.5 views

BIT-MASTODON-2026-50129 Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2
thn
thn
added 2026/07/02 6:54 p.m.14 views

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group GTIG said this week it had reduced the network's pool of usable devices by...

6AI score
Exploits0
euvd
euvd
added 2026/07/02 5:12 p.m.11 views

EUVD-2026-36322

OpenClaw: Paired nodes could forge exec lifecycle events without system.run provenance...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References3
osv
osv
added 2026/07/01 5:59 p.m.2 views

CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

8.4CVSS6AI score0.00412EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7803

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS0.00357EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:21 p.m.7 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:15 p.m.6 views

EUVD-2026-40383

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS6.4AI score0.00357EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/30 7:15 p.m.6 views

CVE-2026-7803

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS6.4AI score0.00357EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/30 7:15 p.m.45 views

CVE-2026-7803 Flow Validation Bypass via Empty Component Type Field

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS0.00357EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.12 views

PT-2026-53947

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Improper validation of flow nodes that have missing or empty component type fields can lead to arbitrary code execution. Arbitrary code execution occurs when an attacker can run...

9.8CVSS6.6AI score0.00357EPSS
Exploits0References4
Rows per page
Query Builder