Lucene search
K

30829 matches found

EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43308

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS6.1AI score
Exploits0References2
NCSC
NCSC
added 5 hours ago4 views

Vulnerabilities handled in the n8n workflow automation platform

n8n has identified several vulnerabilities in its workflow automation platform. These vulnerabilities include: - An authorization issue where authenticated users can assign workflows to folders within projects to which they do not have access, due to insufficient validation of request payloads...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago4 views

Malicious code in jest-formatter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1f270f7df9ee4f9088044964921e1b085b809ddb1d696e652326c58e5c0aba The package [email protected] presents itself as a Jest test output formatter but its lib/collect.js imports childprocess and invokes execSync wit...

6.2AI score
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-9708

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS
Exploits0References2
Cvelist
Cvelist
added 7 hours ago7 views

CVE-2026-15574 Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS
Exploits0References2
CVE
CVE
added 7 hours ago8 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago4 views

Malicious code in chai-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8ffc5e8b4e25d2d7787eb9f3bb9607114e5e4290f0afe2350499b78d5f95642 [email protected] presents itself as a Mocha reporter mirroring the legitimate eth-gas-reporter project matching author name, README, and badges, but th...

6.5AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-9708 Incoming webhook user attribution via unvalidated webhook owner

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS
Exploits0References1
CVE
CVE
added 7 hours ago8 views

CVE-2026-9708

Mattermost vulnerable versions (11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x

4.9CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 7 hours ago6 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
Nuclei
Nuclei
added 10 hours ago165 views

Dompdf < v0.6.0 - Local File Inclusion

A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a...

6.8CVSS7.1AI score0.39374EPSS
Exploits6References5
Nuclei
Nuclei
added 10 hours ago1416 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6.1AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago109 views

Gradio 4.3-4.12 - Local File Read

Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12 id: CVE-2024-1561 info: name: Gradio 4.3-4.12 - Local File Read author: nvn1729,Diablo severity: high description: | Local file read by calling arbitrary methods of Components class between Gradio...

7.5CVSS7AI score0.09239EPSS
Exploits4References6
Nuclei
Nuclei
added 10 hours ago62 views

osTicket < v1.16.6 - Cross-Site Scripting

Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to v1.16.6. id: CVE-2023-1318 info: name: osTicket v1.16.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to...

5.4CVSS6.2AI score0.01015EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago110 views

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...

7.5CVSS7AI score0.0228EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago100 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7AI score0.03794EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago38 views

WordPress Sensei LMS <4.5.0 - Information Disclosure

WordPress Sensei LMS plugin before 4.5.0 is susceptible to information disclosure. The plugin does not have proper permissions set in a REST endpoint, which can allow an attacker to access private messages. id: CVE-2022-2034 info: name: WordPress Sensei LMS 4.5.0 - Information Disclosure author:...

5.3CVSS6.2AI score0.01868EPSS
Exploits2References5
Nuclei
Nuclei
added 10 hours ago164 views

Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS7.1AI score0.97405EPSS
Exploits20References5
Rows per page
Query Builder