Lucene search
K

208 matches found

EUVD
EUVD
added last week5 views

EUVD-2026-41983

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References4
EUVD
EUVD
added last week5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
EUVD
EUVD
added last week5 views

EUVD-2026-41980

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-42172

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS6AI score0.00188EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/06 10:16 p.m.6 views

CVE-2026-42153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings postgresuser and postgresdb in shell-form commands, allowing an authenticated user to...

8.8CVSS0.00359EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32885

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both Untar and Unzip functions in pkg/archive/archive.go. Downloads and extracts archives from remote sources without path validation. Version...

9.1CVSS5.6AI score0.00418EPSS
Exploits3References1
CVE
CVE
added 2026/06/05 7:30 p.m.32 views

CVE-2026-45779

CVE-2026-45779 affects OpenXDMoD: an unauthenticated SQL injection in Open XDMoD versions prior to 10.0.3 can lead to arbitrary SQL execution and complete compromise of the underlying database. The issue impacts all deployments

9.8CVSS6AI score0.00479EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44352

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3...

5.3CVSS5.5AI score0.00207EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.14 views

The Coverage Gap: Chile's Cyber Disclosure Framework Versus the USA, EU and UK

We introduce the Coverage Gap as a measurable distance between the observable public exposure of critical-infrastructure operators and their declared capability to coordinate vulnerability disclosure. We instantiate it against the 915 Chilean Operadores de Importancia Vital OIVs -- Operators of...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.14 views

GuardDog 安全漏洞

GuardDog is an open-source CLI tool developed by GuardDog, which allows for the identification of malicious PyPI packages. Versions 2.6.0 to 2.9.0 of GuardDog contain security vulnerabilities. These vulnerabilities stem from the default human-readable output, which includes filenames, file...

5CVSS5.9AI score0.00113EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

PostCSS 安全漏洞

PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS 7.1.1 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the toString function in the file/src/selectors/container.js component AST serialization, which...

5.3CVSS5.8AI score0.00325EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 6:17 p.m.13 views

PYSEC-2026-29

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter switches to XML mode for XML/RSS content and creates etree.XMLParserstripcdata=False without explicitly disabling external entity resolution, external DTD loading, or network-backed entity...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Syft 安全漏洞

Syft is an open-source remote data analysis tool developed by OpenMined, designed for protecting data privacy. Versions of Syft 0.9.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from inadequate validation of Python code submitted by users and insufficient sandbox...

9.8CVSS6.2AI score0.00631EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/11 3:45 p.m.18 views

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence AI system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Inkeep Agents 授权问题漏洞

Inkeep Agents is an open-source tool developed by Inkeep, designed for building AI agents that support visual drag-and-drop operations and TypeScript SDKs. Version 0.58.14 of Inkeep Agents contains a vulnerability related to authorization. This vulnerability originates from the createDevContext...

7.5CVSS7.1AI score0.00411EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. There were code issues and vulnerabilities in versions of CI4MS from 0.26.0 to 0.31.8.0. These vulnerabilities stemmed from the auth filter disabling the check for banning/banned users...

5.3CVSS5.9AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the savegeneratedslides function, which could allo...

4.6CVSS5.9AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

xhs-mcp 代码问题漏洞

xhs-mcp is an open-source tool developed by Algovate for automated publication and content management of REDnote. Version xhs-mcp 0.8.11 contains a code vulnerability. This vulnerability arises from the mediapaths parameter operation in the xhspublishcontent function within the...

7.5CVSS7.2AI score0.00361EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/24 12:0 a.m.12 views

Flowise Information Disclosure Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...

8.7CVSS5.7AI score0.00421EPSS
Exploits1
Rows per page
Query Builder