Lucene search
K

22 matches found

The Hacker News
The Hacker News
added 2026/06/10 3:0 p.m.17 views

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence AI applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 CVSS score: 8.8, a case of path...

8.8CVSS6.1AI score0.02104EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2026/05/08 2:50 p.m.10 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/30 4:59 p.m.3 views

CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

9.8CVSS6.7AI score0.2903EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2025/11/24 12:0 a.m.5 views

Liferay Portal GraphQL Schema Detected

This is an informational plugin to inform the user that the scanner has detected that the target Liferay instance publicly exposes its GraphQL schema. No source data...

6.9AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.6 views

PT-2025-43552

Name of the Vulnerable Software and Affected Versions Frontier Airlines website affected versions not specified Description The Frontier Airlines website has a publicly available endpoint that allows validation of whether an email address is associated with an account. An unauthenticated, remote...

6.9CVSS6.5AI score0.00303EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/10/20 12:27 p.m.30 views

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't...

10CVSS7.8AI score0.66258EPSS
Exploits15
Wallarm Lab
Wallarm Lab
added 2025/06/26 7:6 a.m.7 views

Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...

8.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/01/09 12:0 a.m.24 views

CVE-2024-53704

An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. Recent assessments: remmons-r7 at January 28, 2025 3:26pm UTC reported: On January 7, 2025, SonicWall announced an authentication bypass affecting SonicOS, the...

9.8CVSS9.7AI score0.95132EPSS
In wildExploits0References3
OSV
OSV
added 2024/09/26 5:11 p.m.8 views

CVE-2024-47169 Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those...

8.8CVSS7.3AI score0.00785EPSS
Exploits0References3
NVD
NVD
added 2024/07/23 7:15 p.m.38 views

CVE-2024-41668

The cBioPortal for Cancer Genomics provides visualization, analysis, and download of large-scale cancer genomics data sets. When running a publicly exposed proxy endpoint without authentication, cBioPortal could allow someone to perform a Server Side Request Forgery SSRF attack. Logged in users...

8.3CVSS0.0058EPSS
Exploits0References5
NVD
NVD
added 2024/05/01 6:15 p.m.16 views

CVE-2024-30176

In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets...

5.3CVSS6.5AI score0.0038EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/01 12:0 a.m.17 views

CVE-2024-30176

In Logpoint before 7.4.0, an attacker can enumerate a valid list of usernames by using publicly exposed URLs of shared widgets...

6.8AI score0.0038EPSS
Exploits0References2
CVE
CVE
added 2024/05/01 12:0 a.m.58 views

CVE-2024-30176

CVE-2024-30176 affects Logpoint versions prior to 7.4.0. The issue allows an attacker to enumerate a valid list of usernames by using publicly exposed URLs of shared widgets, representing an information disclosure vulnerability. The root cause is exposure of widget URLs that enable username enume...

5.3CVSS6.8AI score0.0038EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/02 12:0 a.m.6 views

PT-2023-20645 · Unknown · Imageconverter Service

Name of the Vulnerable Software and Affected Versions: imageconverter service affected versions not specified Description: The issue allows requests to cache an image and return its metadata to be abused, including SQL queries that would be executed unchecked. Exploiting this requires at least...

8.8CVSS8.7AI score0.00371EPSS
Exploits0References9
OSV
OSV
added 2023/10/30 10:49 p.m.23 views

CVE-2023-45672 Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

7.5CVSS7.8AI score0.01387EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/10/16 6:5 p.m.13 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.6AI score0.00901EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/10/16 6:5 p.m.47 views

CVE-2023-40180 Denial of service vulnerability in silverstripe-graphql via recursive queries

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack DDOS attack against a website. This mostly affects websites with publicly exposed graphql schemas. If your...

7.5CVSS7.8AI score0.00901EPSS
Exploits0References5
Wiz blog
Wiz blog
added 2022/12/21 6:7 p.m.88 views

Automatically discover and secure your APIs with Wiz Dynamic Scanner

Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...

7.1AI score
Exploits0
NVD
NVD
added 2020/10/14 7:15 p.m.16 views

CVE-2020-15253

Versions of Grocy = 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product...

7.3CVSS0.01232EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2020/01/20 2:24 p.m.5 views

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better...

9.8CVSS7.9AI score0.99999EPSS
Exploits48
Rows per page
Query Builder