Lucene search
K

1491 matches found

CVE
CVE
added 2026/05/17 10:0 p.m.34 views

CVE-2026-8765

The CVE-2026-8765 entry concerns Kilo-Org kilocode up to version 7.0.47. It affects the Bun.file function in packages/opencode/src/kilocode/review/worktree-diff.ts of the File Diff API Endpoint. The underlying issue is a path traversal vulnerability caused by manipulating the File argument, allow...

6.5CVSS5.5AI score0.0058EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.18 views

PT-2026-41586

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...

5.3CVSS5.8AI score0.00316EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2026/05/14 1:16 p.m.10 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +3116 more potentially affected by CVE-2026-45205 via org.apache.commons:commons-configuration2 (>=2.0 <=2.14.0)

org.apache.commons:commons-configuration2 MAVEN version =2.0, =0.31.0, =0.1.9, =0.1.9, =0.1.9, =3.30.1.1, =3.10.0.5, =3.10.0.7, =0.2.3.5, =0.1.9, =1.2.3, =1.2.3, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0.ee-20260528111216 and more Source cves: CVE-2026-45205 Source advisory:...

5.3CVSS5.7AI score0.00487EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.31 views

Covert timing channel at org.bouncycastle:bcprov-jdk18on dependency in Bamboo Data Center

This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
Snyk
Snyk
added 2026/05/11 9:0 p.m.10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 6:30 p.m.9 views

Velocidex Velociraptor has an Incorrect Authorization issue

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

6.8CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 3:33 a.m.12 views

Velocidex Velociraptor has an authorization bypass vulnerability

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/06 3:15 a.m.14 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 2:15 a.m.9 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 12:1 a.m.4 views

Malicious Package

Overview @taxmoninor/taxmon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/27 10:14 a.m.15 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=37.v0d3157c4a_ef8 <=57.v0756db_b_f6926), be.mogo.iam:mogo-provisioning (>=1.0.1.RELEASE <=1.1.7.RELEASE) +898 more potentially affected by CVE-2026-41635 via org.apache.mina:mina-core (>=2.0.0 <=2.0.27)

org.apache.mina:mina-core MAVEN version =2.0.0, =37.v0d3157c4aef8, =1.0.1.RELEASE, =1.1.8.RELEASE, =1.1.5.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.2.RELEASE, =2.0.0, =1.0.7, =1.1.6, =1.1.0, =1.0.0, =1.1.0, =5.1.3 and more Source cves: CVE-2026-41635 Source advisory:...

9.8CVSS5.8AI score0.0064EPSS
Exploits0
NVD
NVD
added 2026/04/23 4:16 p.m.5 views

CVE-2026-40470

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...

9.9CVSS0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 2:53 p.m.4 views

CVE-2026-40470

A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP credentials browses...

9.9CVSS5.8AI score0.00309EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/22 6:30 a.m.9 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

3.7CVSS5.8AI score0.00215EPSS
Exploits0
EUVD
EUVD
added 2026/04/21 3:21 p.m.4 views

EUVD-2026-23537

Auth0 Next.js SDK has Improper Proxy Cache Lookup...

5.4CVSS5.7AI score0.00214EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/21 3:21 p.m.9 views

Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/21 3:21 p.m.5 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 8:15 a.m.5 views

CVE-2026-6620 SonicCloudOrg sonic-server File Upload Endpoint FileTool.java upload path traversal

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has...

6.5CVSS5.3AI score0.00346EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/17 10:39 p.m.6 views

Incorrect Authorization

Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization in the proxy cache fetcher. An attacker can gain unauthorized access to sensitive information or perform actions with insufficient authorization by...

6CVSS5.7AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.6 views

CVE-2026-40155

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...

5.4CVSS0.00214EPSS
Exploits0References3
Rows per page
Query Builder