
105509 matches found

CVE
added 2026/05/12 4:43 p.m., 14 views

CVE-2026-41513

CVE-2026-41513 affects Horilla HR/CRM software (version 1.5.0) where notification endpoints trust an unvalidated next parameter, enabling open redirects to arbitrary external URLs. This can enable phishing/social-engineering redirects by turning legitimate links into malicious destinations. Connec...

CVSS 4.8 | AI score 5.9 | EPSS 0.00265
Exploits 0 | References 2

Cvelist
added 2026/05/12 4:43 p.m., 34 views

CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

CVSS 4.8 | EPSS 0.00265
Exploits 0 | References 2

EUVD
added 2026/05/12 4:43 p.m., 10 views

EUVD-2026-29692

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

CVSS 4.8 | AI score 5.9 | EPSS 0.00265
Exploits 0 | References 2

Vulnrichment
added 2026/05/12 4:43 p.m., 12 views

CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints

Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...

CVSS 4.8 | AI score 5.9 | EPSS 0.00265
Exploits 0 | References 2

EUVD
added 2026/05/12 4:25 p.m., 8 views

EUVD-2026-29541

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00225
Exploits 0 | References 3

NVD
added 2026/05/12 4:16 p.m., 14 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

CVSS 9.8 | EPSS 0.0061
Exploits 0 | References 5

NVD
added 2026/05/12 4:16 p.m., 8 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

CVSS 8.8 | EPSS 0.00559
Exploits 0 | References 2

NVD
added 2026/05/12 4:16 p.m., 9 views

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVSS 5.4 | EPSS 0.00168
Exploits 0 | References 1

Github Security Blog
added 2026/05/12 3:34 p.m., 9 views

OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OAuth State Validation Bypass via error Parameter Causes Local Server DoS in MCP Auth Callback. Description: The OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter against an internal...

CVSS 6.5 | AI score 5.9 | EPSS 0.00219
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2026/05/12 3:13 p.m., 33 views

CVE-2026-34187 SQL Injection in Graph Container Parameter

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...

CVSS 7.6 | EPSS 0.00274
Exploits 0 | References 1

Vulnrichment
added 2026/05/12 3:13 p.m., 8 views

CVE-2026-34187 SQL Injection in Graph Container Parameter

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...

CVSS 7.6 | AI score 5.9 | EPSS 0.00274
Exploits 0 | References 1

OSV
added 2026/05/12 3:8 p.m., 4 views

GHSA-2G4X-FQ3J-CGQ4 Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 4

Github Security Blog
added 2026/05/12 3:8 p.m., 15 views

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Summary ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes closeresults at line 438, but the second stage — which processes POST-body parameters dp — ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 4 | Affected Software 2

EUVD
added 2026/05/12 12:32 p.m., 35 views

EUVD-2026-29436

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...

CVSS 7.8 | AI score 6 | EPSS 0.00106
Exploits 0 | References 2

Snyk
added 2026/05/12 11:24 a.m., 12 views

Improper Handling of Exceptional Conditions

Overview: multiparty is a multipart/form-data parser which supports streaming. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to crash by sending a...

CVSS 8.7 | AI score 5.8 | EPSS 0.00279
Exploits 0 | References 2

Snyk
added 2026/05/12 11:24 a.m., 9 views

Improper Handling of Exceptional Conditions

Overview: org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to cra...

CVSS 8.7 | AI score 5.8 | EPSS 0.00279
Exploits 0 | References 2

OSV
added 2026/05/12 10:16 a.m., 7 views

DEBIAN-CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

CVSS 7.5 | AI score 5.8 | EPSS 0.00335
Exploits 0 | References 1

EUVD
added 2026/05/12 9:31 a.m., 22 views

EUVD-2026-29414

The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the editposhidden parameter in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | AI score 6 | EPSS 0.00204
Exploits 0 | References 4

EUVD
added 2026/05/12 9:31 a.m., 9 views

EUVD-2026-29410

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00255
Exploits 0 | References 4

EUVD
added 2026/05/12 9:31 a.m., 9 views

EUVD-2026-29415

The WP Google Maps Integration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00211
Exploits 0 | References 6