Lucene search
K

28944 matches found

CVE
CVE
added 2026/07/03 9:0 p.m.18 views

CVE-2026-14611

DeepMyst Mysti (up to 0.4.0) is affected by a vulnerability in MemoryManager.ts initProjectMemory where manipulating workspacePath can cause resource exposure. The issue is exploitable remotely and is fixed by upgrading to version 0.4.0; the patch is identified as 6d709229b5199f6769fb3cf763e5122d...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 7:49 p.m.15 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 7:42 p.m.13 views

CVE-2026-59097

Taiga (software) prior to version 6.10.2 contains a missing authorization vulnerability that lets unauthenticated remote attackers create default due-date records in any project by abusing unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. An arbitrary project id...

6.9CVSS6AI score0.00344EPSS
Exploits0References5
Circl
Circl
added 2026/07/02 6:35 p.m.11 views

CVE-2026-50180

creationtimestamp| type| source ---|---|--- 2026-07-02 18:35:07+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-pmch-g965-grmr 2026-07-10 02:52:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqb5e3hzmq2l...

8.7CVSS5.9AI score0.00686EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 1:17 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/02 12:34 p.m.38 views

CVE-2026-58653 PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 12:34 p.m.15 views

CVE-2026-58653

CVE-2026-58653 affects PraisonAI prior to 0.1.7, where issue creation/update does not validate that project_id matches the URL workspace. This allows an attacker to reference projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace co...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:31 a.m.9 views

EUVD-2026-41160

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00319EPSS
Exploits0References3
Circl
Circl
added 2026/07/01 10:35 p.m.7 views

CVE-2026-50151

creationtimestamp| type| source ---|---|--- 2026-07-01 22:35:11+00:00| published-proof-of-concept| https://github.com/oras-project/oras-go/security/advisories/GHSA-jxpm-75mh-9fp7...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/07/01 10:35 p.m.7 views

CVE-2026-50163

creationtimestamp| type| source ---|---|--- 2026-07-01 22:35:07+00:00| published-proof-of-concept| https://github.com/oras-project/oras-go/security/advisories/GHSA-fxhp-mv3v-67qp...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/07/01 8:57 p.m.9 views

EUVD-2026-40130

Rancher has Privilege Escalation from Project Owner to Host...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 8:57 p.m.5 views

GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/01 8:57 p.m.7 views

Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/07/01 6:41 p.m.4 views

Unsafe Dependency Resolution

Overview neuro-cortex-memory is a Scientifically-grounded memory system based on computational neuroscience research Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the CLAUDEPROJECTDIR environment variable, which is treated as a trusted source directory witho...

8.5CVSS6.2AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/01 3:59 p.m.11 views

6 security settings every GitHub maintainer should enable this week

At GitHub Security Lab, we spend a lot of our week talking to maintainers. Some find the settings page dense and the docs sprawl. Most maintainers we talk to weren't hired to be security engineers. While this is true, ignoring a project's security settings completely will lead into leaving a lot ...

5.9AI score
Exploits0
OSV
OSV
added 2026/07/01 9:49 a.m.9 views

ROOT-APP-GOBINARY-CVE-2026-39831 CVE-2026-39831 in rootio-golang.org/x/crypto - Patched by Root

Root has patched CVE-2026-39831 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...

9.1CVSS5.8AI score0.00373EPSS
Exploits0
NVD
NVD
added 2026/07/01 5:16 a.m.8 views

CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40898

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.496 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS7.8AI score0.99628EPSS
Exploits13References7
Rows per page
Query Builder