Lucene search
+L

21 matches found

CVE
CVE
added 2026/06/12 2:17 p.m.42 views

CVE-2026-47141

CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...

6.9CVSS5.2AI score0.00308EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:56 p.m.3 views

CVE-2026-34533 iccDEV: UB in CIccCalculatorFunc::ApplySequence()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccCalculatorFunc::ApplySequence due to invalid enum values being loaded for icChannelFuncSignature. The issue is...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
NVD
NVD
added 2026/03/02 3:16 p.m.9 views

CVE-2024-50337

Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This issue has been patched in version 1.11.28...

5.3CVSS0.00323EPSS
Exploits1References3
OSV
OSV
added 2026/02/04 5:36 p.m.5 views

CVE-2026-21893 n8n Vulnerable to Command Injection in Community Package Installation

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

9.4CVSS5.8AI score0.01343EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 9:28 p.m.7 views

CVE-2026-22696 dcap-qvl has Missing Verification for QE Identity

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.13 views

CVE-2022-23542

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

9.8CVSS6.8AI score0.0091EPSS
Exploits0References1
NVD
NVD
added 2025/10/03 11:15 p.m.12 views

CVE-2025-61685

Mastra is a Typescript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file...

6.5CVSS0.00541EPSS
Exploits0References2
CVE
CVE
added 2025/06/23 8:48 p.m.63 views

CVE-2025-52562

Convoy CVE-2025-52562 describes an unauthenticated directory traversal vulnerability in the LocaleController affecting Convoy versions 3.9.0-rc3 through 4.4.0. Exploitation allows including and executing arbitrary PHP files on the server. The issue has been patched in version 4.4.1; a temporary w...

10CVSS9.8AI score0.01706EPSS
Exploits0References2
NVD
NVD
added 2025/06/17 9:15 p.m.9 views

CVE-2025-49843

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travisheaders function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write...

6.9CVSS0.00525EPSS
Exploits0References3
NVD
NVD
added 2025/05/29 9:15 a.m.13 views

CVE-2025-27151

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlenfilepath when copying a user-supplied file path into a fixed-size stack buffer. This allo...

9.8CVSS0.00797EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.11 views

CVE-2023-52139

Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as kind or secure without the user's permission and perform operations such as reading or adding non-public content. As a...

9.6CVSS6.3AI score0.00549EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:31 p.m.9 views

CVE-2021-21391

CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular...

6.5CVSS6.6AI score0.01667EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/30 6:27 p.m.50 views

CVE-2025-46331 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.10 to v1.3.6 Helm chart = openfga-0.2.28, docker = v.1.8.10 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Th...

5.8CVSS0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/29 8:40 p.m.16 views

CVE-2025-46549 Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

4.3CVSS4.3AI score0.00498EPSS
Exploits1References2
NVD
NVD
added 2025/04/18 4:15 p.m.39 views

CVE-2025-31120

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie nl-topic-t...

5.3CVSS0.00419EPSS
Exploits1References3
OSV
OSV
added 2025/03/11 8:7 p.m.9 views

GHSA-48G7-3X6R-XFHP Arbitrary Code Execution via Crafted Keras Config for Model Loading

Impact The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their...

7.3CVSS7.1AI score0.02803EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2026-29081

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.27.0 Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, providing a crafted input to the fuzz pkcs15 reader harness results in an out-of-bounds heap read within the...

6.8CVSS6AI score0.00282EPSS
Exploits2References45
CVE
CVE
added 2024/11/14 3:29 p.m.93 views

CVE-2024-52505

CVE-2024-52505 affects the matrix-appservice-irc Node.js IRC bridge. The provisioning API in versions up to 3.0.2 allowed arbitrary IRC command execution by the bridge bot, as described in multiple sources. A fix exists in version 3.0.3, which patches the vulnerability. No exploitation details ar...

5.4CVSS5.7AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2024/10/28 3:15 p.m.4 views

ALPINE-CVE-2024-49761

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between & and x...; in a hex numeric character reference &x...;. This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...

7.5CVSS6.9AI score0.01429EPSS
Exploits0References1
OSV
OSV
added 2024/04/23 8:15 p.m.1 views

DEBIAN-CVE-2024-32661

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible NULL access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available...

7.5CVSS6.7AI score0.01224EPSS
Exploits0References1
Rows per page
Query Builder