Lucene search
K

7703 matches found

Cvelist
Cvelist
added 15 hours ago9 views

CVE-2026-15574 Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 17 hours ago4 views

Malicious code in backup1-gg (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb035cd86ea0fd9311ad7b6f509a5f6ff9916838194db2a06eed0576d91bb655 The npm package [email protected] ships multiple heavily obfuscated JavaScript bundles under assets/ AccountPage, DarkVeil, GamesPage, PlusBlockedNote...

6.1AI score
Exploits0References2
NVD
NVD
added 19 hours ago7 views

CVE-2026-15552

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

6.1CVSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-57215

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...

8.8CVSS0.00245EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in proxy-check-i (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04 The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator...

6.3AI score
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-54799

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS0.00127EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42594

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-54799

The CVE-2026-54799 entry describes a vulnerability in the firmware update signature validation for CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
OSV
OSV
added 5 days ago5 views

BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
OSV
OSV
added 5 days ago14 views

BIT-LIBPYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
NVD
NVD
added 6 days ago10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
NVD
NVD
added 6 days ago13 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
CVE
CVE
added 6 days ago11 views

CVE-2026-34168

CVE-2026-34168 affects Coolify prior to 4.0.0-beta.471. The vulnerability arises from the LocalPersistentVolume.name field being interpolated directly into docker volume commands without shell-escaping, enabling an authenticated user to inject and execute commands on managed servers when the reso...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-34168 Coolify: Command injection via unsanitized persistent storage name in docker volume commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 6 days ago14 views

EUVD-2026-41986

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS6AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56136

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...

8.8CVSS6AI score0.00403EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2025-59615

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization...

7.8CVSS0.00064EPSS
Exploits0References1
Rows per page
Query Builder