Lucene search
+L

310 matches found

CVE
CVE
added 2 days ago26 views

CVE-2026-44174

Kirby CMS (versions prior to 4.9.1 and 5.4.1) exposes REST API search and collection queries that did not validate model attributes, allowing authenticated users to invoke arbitrary model methods (e.g., password(), root(), loginPasswordless(), delete()) via collection endpoints. This can disclose...

8.7CVSS6.2AI score0.0028EPSS
Exploits0References3
Nuclei
Nuclei
added 2 days ago17 views

KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

9.8CVSS7AI score0.53389EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Apache ActiveMQ < 5.19.8 / 6.x < 6.2.7 Multiple Vulnerabilities

The version of Apache ActiveMQ running on the remote host is prior to 5.19.8 or 6.x prior to 6.2.7. It is, therefore, affected by multiple vulnerabilities: - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that...

8.1CVSS6.2AI score0.00844EPSS
Exploits0References16
OSV
OSV
added 2026/07/02 5:6 p.m.10 views

GHSA-6C4R-G249-WV3C OpenClaw: Sandboxed session spawn could expose the real workspace path to child prompts

Summary Sandboxed session spawn could expose the real workspace path to child prompts. In affected versions, a child session spawned from a sandboxed parent could forward the host workspace path into the child session prompt. This advisory is scoped to the named feature and configuration. It does...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 9:17 p.m.12 views

CVE-2026-47388

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not...

2.3CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 4:17 p.m.42 views

CVE-2026-55450 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS0.00332EPSS
Exploits1References2
OSV
OSV
added 2026/06/23 4:17 p.m.4 views

CVE-2026-55450 Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS6AI score0.00332EPSS
Exploits1References4
OSV
OSV
added 2026/06/18 5:19 p.m.5 views

GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...

4.2CVSS5.4AI score0.00171EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:56 p.m.25 views

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

Summary When running nuxt dev, Nuxt registers an unauthenticated route at /.well-known/appspecific/com.chrome.devtools.json that returns the absolute filesystem path of the project root and a per-project UUID persisted to nodemodules/.cache/nuxt/chrome-workspace.json. The route is enabled by...

5.5AI score
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53826

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 9:56 p.m.9 views

CVE-2026-53826 OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to child prompts. Attackers can exploit this by spawning child sessions from sandboxed parents to reveal host workspace location or related memory context ...

4.3CVSS5.3AI score0.00187EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39339

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...

9.1CVSS5.5AI score0.01351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44832

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

10CVSS5.8AI score0.00341EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:36 p.m.15 views

CVE-2026-44330

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...

10CVSS5.9AI score0.00287EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/19 8:14 p.m.12 views

GHSA-3JMG-P96M-M328 FileBrowser Quantum: unauthenticated user share share info

Impact Some sensitive info -- such as source and path can get exposed. Patches Update to the latest version Workarounds no...

8.7CVSS5.8AI score0.00052EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-42046

Name of the Vulnerable Software and Affected Versions FileBrowser Quantum affected versions not specified Description An unauthenticated user can cause the exposure of sensitive information, such as source and path details. Recommendations Update to the latest version...

8.7CVSS5.9AI score0.00052EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-42552

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 8:55 p.m.5 views

GHSA-X7Q7-FCHV-8H2J @ranfdev/deepobj has a Prototype Pollution vulnerability

Impact Prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input...

8.2CVSS5.4AI score0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 4:23 p.m.22 views

GHSA-7FW3-X4R2-G7WC Portainer has a bind-mount restriction bypass via HostConfig.Mounts

Summary Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy...

8.5CVSS5.8AI score0.00206EPSS
Exploits1References6
NVD
NVD
added 2026/05/14 4:16 p.m.12 views

CVE-2026-42593

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS0.00311EPSS
Exploits1References1
Rows per page
Query Builder