Lucene search
+L

835 matches found

CVE
CVE
added 4 days ago11 views

CVE-2026-60081

The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Adobe Creative Cloud < 6.10.0.252.3 Multiple Privilege escalation (APSB26-77)

The version of Adobe Creative Cloud installed on the remote Windows host is prior to 6.10.0.252.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-77 advisory. - Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerabilit...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

UBUNTU-CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-58500

MCP Appium is an MCP server that provides AI assistants with tools to automate mobile app testing on Android and iOS. In versions prior to 1.85.10, the createLocatorGeneratorUI function interpolates attacker-controlled element attributes — text, content-desc, resource-id, and locator selector...

8.2CVSS0.00276EPSS
Exploits0References2
CVE
CVE
added 5 days ago18 views

CVE-2026-12257

CVE-2026-12257 affects Mura CMS prior to 10.0.712. The flaw is in the POST handling of the endpoint /index.cfm/_api/json/v1/default, where the method parameter is not properly validated, allowing an attacker to inject and execute arbitrary CFML and instantiate malicious Java objects, resulting in...

9.3CVSS6.7AI score0.00411EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-43267

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57918

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::X509 versions prior to 2.1.3 Description A heap out-of-bounds read occurs when processing a long certificate extension Object Identifier OID in hv exts. This happens during the construction of the extension hash through the...

6.1AI score0.00222EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 4:35 p.m.4 views

CVE-2026-59193 Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/10 11:43 a.m.29 views

CVE-2026-56690

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure, Information...

8.5CVSS0.00235EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

Langflow < 1.9.1 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.1. It is, therefore, affected by multiple vulnerabilities: - An Insecure Direct Object Reference IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user...

9.3CVSS6.3AI score0.0056EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.9 views

libcurl 8.11.1 < 8.21.0 Netrc Wrong User Password Leak (CVE-2026-8926)

The version of libcurl installed on the remote host is 8.11.1 prior to 8.21.0. It is, therefore, affected by a credential leak vulnerability: - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username without a password, curl could wrongly ge...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.9 views

dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)

The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...

5.9CVSS6.2AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 7:32 p.m.33 views

CVE-2026-59822 LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key...

8.8CVSS0.00243EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/08 4:25 p.m.6 views

CVE-2026-60102

Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fails to sanitize command substitution sequences, allowing authenticated attackers to inject arbitrary shell commands through user-controlled...

8.8CVSS6.2AI score0.01803EPSS
Exploits0
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34149

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:28 a.m.6 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/03 12:47 p.m.4 views

CVE-2026-59234 Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS6AI score0.00403EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

Microsoft Edge (Chromium) < 150.0.4078.48 (CVE-2026-57991)

The version of Microsoft Edge installed on the remote Windows host is prior to 150.0.4078.48. It is, therefore, affected by a vulnerability as referenced in the July 2, 2026 advisory. - Improper link resolution before file access 'link following' in Microsoft Edge Chromium-based allows an...

7.4CVSS5.9AI score0.00745EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.11 views

Keycloak < 26.6.4 Multiple Vulnerabilities

The version of Keycloak installed on the remote host is prior to 26.6.4. It is, therefore, affected by multiple vulnerabilities, including the following: - A user with group-admin privileges can escalate to realm-admin, gaining full administrative control over the realm. CVE-2026-9099 - An...

8.1CVSS6.1AI score0.00519EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/02 6:0 a.m.8 views

EUVD-2026-41254

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

2.7CVSS5.7AI score0.00189EPSS
Exploits0References1
Rows per page
Query Builder