Lucene search
K

248 matches found

OSV
OSV
added 5 days ago4 views

PYSEC-2026-2006 Defining resource name as integer may give unintended access in vantage6

Impact Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...

5.4CVSS6.1AI score0.00402EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/29 4:15 a.m.7 views

EUVD-2026-40031

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS5.4AI score0.00199EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 4:15 a.m.39 views

CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/18 6:46 p.m.17 views

CVE-2026-48716 nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes th...

8.7CVSS0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50780

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.5.post4 Description The WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The bridge downloads media...

8.7CVSS6AI score0.00276EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.9 views

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

6.9CVSS6.1AI score0.00836EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/11 11:30 a.m.11 views

EUVD-2026-36236

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

6.3CVSS4.9AI score0.00191EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 12:30 a.m.12 views

EUVD-2026-34995

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1CVSS4.9AI score0.0022EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS5.4AI score0.00444EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:15 a.m.11 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 8:0 a.m.11 views

CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 8:0 a.m.10 views

EUVD-2026-33601

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
NVD
NVD
added 2026/05/24 10:16 a.m.20 views

CVE-2026-9371

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

6.3CVSS0.00437EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/24 9:45 a.m.25 views

CVE-2026-9371

A security vulnerability has been detected in ItzCrazyKns Vane up to 1.12.1. Affected by this issue is some unknown functionality of the file route.ts of the component API. The manipulation leads to missing authentication. The attack may be initiated remotely. The attack's complexity is rated as...

6.3CVSS5.2AI score0.00437EPSS
Exploits0References7Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.13 views

TriSweep: A Four-Drone Swarm Framework for Electromagnetic Side-Channel Analysis

Electromagnetic EM side-channel analysis traditionally assumes a stationary, close-proximity probe - a threat model that underestimates aerial adversaries. TriSweep is a simulation framework that designs and evaluates a four-drone swarm architecture for autonomous standoff EM-SCA of embedded...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/12 3:31 a.m.9 views

EUVD-2026-29355

Reserved. Details will be published at disclosure...

5.8AI score0.00889EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 1:6 a.m.6 views

CVE-2026-45392 DOM-based XSS in Cribl Stream

DOM-based cross-site scripting XSS in Cribl Stream before 4.17.1 allows a remote attacker to execute arbitrary JavaScript in the browser of an authenticated user who is tricked into visiting a crafted URL and interacting with the page...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References2
CVE
CVE
added 2026/05/09 10:15 a.m.16 views

CVE-2026-8185

The CVE primarily affects UGREEN CM933 1.1.59.4319, where an unknown function in the Administrative Interface allows missing authentication. This vulnerability requires local-network proximity (attack vector Adjacent) and exposes confidentiality, integrity, and availability at Low impact per the ...

6.3CVSS6.3AI score0.0032EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 10:39 p.m.8 views

MediaMTX affected by CVE-2026-27143 due to vulnerable dependency

Summary Release 1.17.1 seems affected by CVE-2026-27143. golang 1.25.9 Seems to solve the issue. Is there any new release planned? Details See https://nvd.nist.gov/vuln/detail/CVE-2026-27143...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/29 1:21 p.m.5 views

JLSEC-2026-327

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5Tbitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos...

7.8CVSS5.3AI score0.00324EPSS
Exploits1References4
Rows per page
Query Builder