Lucene search
+L

1772 matches found

NVD
NVD
added 2026/04/27 5:16 p.m.8 views

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.00214EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/27 5:0 p.m.5 views

CVE-2026-7142 Wooey API Endpoint scripts.py add_or_update_script improper authorization

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6AI score0.00214EPSS
Exploits0References8
OSV
OSV
added 2026/04/27 5:16 a.m.7 views

MAL-2026-3099 Malicious code in bytedvod (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b90eec61e5e2a472f910011acc1e66e407b4a240e907ac74289221e1a5e83f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/04/24 12:30 p.m.8 views

GHSA-F786-9C63-8XR8 Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.8AI score0.00537EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/23 6:31 a.m.8 views

CVE-2026-34271

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...

6.5CVSS7.2AI score0.00303EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Frappe 跨站脚本漏洞

Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Version 16.10.10 of Frappe contains a cross-site scripting vulnerability. This vulnerability stems from special tag values stored in user tags that are not...

5.4CVSS5.8AI score0.00201EPSS
Exploits1References1
CNVD
CNVD
added 2026/04/22 12:0 a.m.18 views

Oracle VM VirtualBox Core Component Denial of Service Vulnerability (CNVD-2026-18569)

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle that supports running multiple operating systems on a single host. A denial of service vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle RDP...

7.5CVSS7.7AI score0.00253EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013022)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013022 advisory. In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource dcb-or value is assigned in...

7.8CVSS6.3AI score0.00293EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/04/15 12:0 a.m.5 views

WordPress Inquiry form to posts or pages plugin <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inq_header' Parameter vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via 'inqheader' Parameter vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Inquiry form to posts or pages versions = 1.0...

4.3CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32715

CVE-2026-0209 Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. https://t.co/EJhrC81EMh...

6.9CVSS5.8AI score0.00378EPSS
Exploits0References3
CVE
CVE
added 2026/04/13 9:28 p.m.14 views

CVE-2026-22566

CVE-2026-22566 describes an improper access control vulnerability in UniFi Play components. Affected: UniFi Play PowerAmp (&lt;= 1.0.35) and UniFi Play Audio Port (

7.5CVSS5.8AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.4 views

CVE-2026-5169

The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input sanitization when saving via updateoption and lack of output escaping when displaying the stored...

4.4CVSS5.9AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/04/12 6:16 a.m.5 views

CVE-2026-31413

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybeforkscalars for BPFOR maybeforkscalars is called for both BPFAND and BPFOR when the source operand is a constant. When dst has signed range -1, 0, it forks the verifier state: the pushed pa...

7.8CVSS0.00221EPSS
Exploits2References4
OSV
OSV
added 2026/04/12 5:36 a.m.1 views

CVE-2026-31413 bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybeforkscalars for BPFOR maybeforkscalars is called for both BPFAND and BPFOR when the source operand is a constant. When dst has signed range -1, 0, it forks the verifier state: the pushed pa...

7.8CVSS6.5AI score0.00221EPSS
Exploits2References7
GithubExploit
GithubExploit
added 2026/04/11 7:14 p.m.129 views

Exploit for Improper Authorization in Wbce Wbce_Cms

CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation...

8.8CVSS5.8AI score0.00373EPSS
Exploits3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Versions of Apache Tomcat 11.0.18 and earlier, 10.1.52 and earlier, 9.0.115 and earlier, as well as 8.5.100 and earlier, have a...

6.1CVSS6.4AI score0.00526EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.8 views

PT-2026-31547

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description A flaw existed in GitLab CE/EE where an authenticated user with custom role permissions could potentially demote or remove higher-privileged...

2.7CVSS5.8AI score0.00348EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.11 views

LobeHub 安全漏洞

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained security vulnerabilities. These vulnerabilities stemmed from the WebAPI authentication layer, which trusted client control headers that had only been XOR-encrypted. This allowed...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31350

Summary The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

5CVSS6.2AI score0.00126EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/07 9:43 p.m.9 views

NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module

A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...

8.8CVSS6AI score0.21621EPSS
Exploits0References5
Rows per page
Query Builder