Lucene search
K

303908 matches found

GithubExploit
GithubExploit
added 14 minutes ago3 views

magento-polyshell

APSB25-94 — PolyShell: Magento 2 Unauthenticated File Upload RCE...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 43 minutes ago2 views

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718 , an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719 , a site isolation in the DOM:...

9.9CVSS6.6AI score
Exploits0
GithubExploit
GithubExploit
added 46 minutes ago4 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc Key-Lifecycle Unsafe Deserialization Reproducer CVE...

8.8CVSS6.3AI score0.00485EPSS
Exploits1
GithubExploit
GithubExploit
added 1 hour ago4 views

Exploit for CVE-2026-58635

CVE-2026-58635: Windows Narrator Braille Local Privilege Escal...

7.8CVSS6.3AI score
Exploits1
NVD
NVD
added 1 hour ago4 views

CVE-2026-61440

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS
Exploits0References3
NVD
NVD
added 1 hour ago5 views

CVE-2026-61451

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References2
NVD
NVD
added 1 hour ago4 views

CVE-2026-61435

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
NVD
NVD
added 1 hour ago5 views

CVE-2026-59236

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS
Exploits0References3
NVD
NVD
added 1 hour ago4 views

CVE-2026-57996

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.8CVSS
Exploits0References2
The Hacker News
The Hacker News
added 2 hours ago5 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2 hours ago18 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44648

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score
Exploits0References2
CVE
CVE
added 2 hours ago3 views

CVE-2026-61451

CVE-2026-61451 affects Grav API plugin (grav-plugin-api)

9.6CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-61440 PraisonAI Platform before 0.1.9 Authorization Bypass via Label Endpoints

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44644

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2 hours ago3 views

CVE-2026-61440

CVE-2026-61440 affects the PraisonAI Platform prior to 0.1.9. The issue is an authorization flaw in label and issue-label mutations that lets workspace members with basic privileges rename and recolor shared labels and add/remove labels on owner-created issues. The root cause is improper authoriz...

7.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44641

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS6.1AI score
Exploits0References4
Rows per page
Query Builder