Lucene search
K

822 matches found

EUVD
EUVD
added 12 hours ago8 views

EUVD-2026-43267

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score
Exploits0References8
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.0023EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Langflow < 1.9.1 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.1. It is, therefore, affected by multiple vulnerabilities: - An Insecure Direct Object Reference IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user...

9.3CVSS6.3AI score0.00467EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)

The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...

5.9CVSS6.2AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS0.00286EPSS
Exploits0References4
Debian CVE
Debian CVE
added 5 days ago6 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0
NVD
NVD
added 6 days ago10 views

CVE-2026-34149

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Microsoft Edge (Chromium) < 150.0.4078.48 (CVE-2026-57991)

The version of Microsoft Edge installed on the remote Windows host is prior to 150.0.4078.48. It is, therefore, affected by a vulnerability as referenced in the July 2, 2026 advisory. - Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an...

7.4CVSS5.9AI score0.00745EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Keycloak < 26.6.4 Multiple Vulnerabilities

The version of Keycloak installed on the remote host is prior to 26.6.4. It is, therefore, affected by multiple vulnerabilities, including the following: - A user with group-admin privileges can escalate to realm-admin, gaining full administrative control over the realm. CVE-2026-9099 - An...

8.1CVSS6.1AI score0.00519EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 6:0 a.m.8 views

EUVD-2026-41254

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.6 views

DEBIAN-CVE-2026-14110

Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-13991

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:39 p.m.15 views

CVE-2026-14121

CVE-2026-14121 affects Chromoting in Google Chrome on Linux, due to a use-after-free in Chromoting that enables a remote attacker to execute arbitrary code via malicious network traffic. Affected: Chrome/Chromium on Linux prior to 150.0.7871.47. Impact signals in the source documents include high...

9.8CVSS6.2AI score0.00339EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.25 views

CVE-2026-14080

Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. Chromium security severity: Low...

0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13905

Race in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: Medium...

0.00092EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13902

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00245EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

LangChain < 1.3.9 Path Traversal (CVE-2026-55443)

The version of LangChain installed on the remote host is prior to 1.3.9. It is, therefore, affected by a path traversal vulnerability: - Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root director...

5.5CVSS5.9AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.11 views

PT-2026-51567

Name of the Vulnerable Software and Affected Versions GNU SASL versions prior to 2.2.4 Description The NTLM client lacks sanitization of a short challenge within the gsasl ntlm client step function. This flaw allows a crafted server to cause memory disclosure. Recommendations Update to version...

5.3CVSS5.8AI score0.00241EPSS
Exploits1References9
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-45844 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-45844 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00117EPSS
Exploits0
Rows per page
Query Builder