Lucene search
+L

29163 matches found

Nuclei
Nuclei
added 2 days ago132 views

GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.

Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. id: CVE-2021-43778 info: name: GLPI plugin Barcode 2.6.1 - Path Traversal Vulnerability. author:...

9.1CVSS7.3AI score0.52658EPSS
Exploits2References5
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-53535 Activepieces: Arbitrary file write in git-sync via path traversal and symlinks

Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed...

5.9CVSS0.00574EPSS
Exploits0References4
CVE
CVE
added 3 days ago12 views

CVE-2026-53535

Activepieces prior to 0.82.0 is affected by an arbitrary file write in the git-sync workflow. The issue occurs because git-sync clones a configured repository into a temporary server directory with Git’s symbolic-link handling enabled, allowing symlinks to redirect writes. Additionally, on-disk i...

5.9CVSS6.3AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 3 days ago8 views

CVE-2026-44968

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS0.00137EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-44968 dbt-mcp: Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, rundbtcommand in src/dbtmcp/dbtcli/tools.py appended unsanitized nodeselection and resourcetype values to the dbt subprocess argument list, allowing an MCP client to inject dbt global flags such as --profiles-di...

6.3CVSS0.00137EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-3031

Image::EPEG versions through 0.15 for Perl embeds an unsupported version of the Epeg library. Image::EPEG includes Epeg 0.9.0 that was last updated in 2004. Epeg is a fast JPEG thumbnail library that was once part of the Englightenment Project...

9.8CVSS0.00402EPSS
Exploits0References3
CVE
CVE
added 3 days ago12 views

CVE-2026-45795

The Janssen Project's Jans-auth-server had a JWE request object signature verification bypass prior to version 2.0.0: unsigned JWE were accepted because JwtAuthorizationRequest skipped inner signature validation when jwe.getSignedJWTPayload() was null, and AuthzRequestService.processRequestObject...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-45795

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References5Affected Software1
OSV
OSV
added 3 days ago6 views

CVE-2026-45795 Janssen Project: JWE Request Object Signature Verification Bypass in jans-auth-server

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00159EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago10 views

Important: Red Hat Security Advisory: hplip security update

An update for hplip is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6.1AI score0.01333EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago389 views

Monitorr 1.7.6m - Unauthenticated Remote Code Execution

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote cod...

9.8CVSS7.5AI score0.85785EPSS
Exploits8References5
Nuclei
Nuclei
added 3 days ago122 views

GitLab 16.0.0 - Path Traversal

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups id: CVE-2023-2825 info: name:...

10CVSS7AI score0.71641EPSS
Exploits5References5
Nuclei
Nuclei
added 3 days ago79 views

Ruby Dragonfly <1.4.0 - Remote Code Execution

Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishand...

9.8CVSS7.2AI score0.72249EPSS
Exploits4References5
OSV
OSV
added 3 days ago3 views

MINI-PPG9-PRJ8-HWC2

Bulletin has no description...

9.1CVSS6.1AI score0.00487EPSS
Exploits0
OSV
OSV
added 3 days ago2 views

ROOT-APP-NPM-NSWG-ECO-516 NSWG-ECO-516 in @rootio/lodash - Patched by Root

Root has patched NSWG-ECO-516 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 3 days ago12 views

Linux Distros Unpatched Vulnerability : CVE-2026-51105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 allows a remote attacker to cause a denial of service via the OPSERVERMESSAGE Handler. CVE-2026-511...

7.5CVSS5.4AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 3 days ago6 views

MAL-2026-10762 Malicious code in @edgecommons/edgecommons (npm)

The @edgecommons/edgecommons package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name uses an '@edgecommons' scope that mimics the internal/private package naming convention of a...

5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago10 views

Malicious code in syft-acp-core (npm)

The syft-acp-core package was published to the npm registry by user 'ada8877' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the 'syft-acp' internal/private package naming convention an ACP component library of a target...

5.5AI score
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-58660

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS0.00355EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44752

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS6.1AI score0.00355EPSS
Exploits0References4
Rows per page
Query Builder