Lucene search
K

20471 matches found

Snyk
Snyk
added 2026/05/11 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/30 8:44 p.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation through the AuthHelper SSO setup flow in the auth helper pipeline. An attacker can link a Sentry account to a different identity by supplying an IdP assertion email that resolves to another user during provider setup...

9.8CVSS5.8AI score0.00623EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/25 1:55 a.m.8 views

[SECURITY] Fedora 44 Update: qt6-qtwebchannel-6.10.3-1.fc44

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...

5.4AI score
Exploits0
Fedora
Fedora
added 2026/04/25 1:55 a.m.5 views

[SECURITY] Fedora 44 Update: qt6-qtmqtt-6.10.3-1.fc44

MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

5.4AI score
Exploits0
Cvelist
Cvelist
added 2026/04/24 12:34 a.m.29 views

CVE-2026-40099 Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter

Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... It is also possible to customize th...

5.3CVSS0.00275EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 12:23 a.m.5 views

EUVD-2026-25369

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined for each role in the user blueprint site/blueprints/users/.... ...

7.6CVSS5.2AI score0.00334EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 9:38 a.m.3 views

CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/04/16 12:0 a.m.3 views

The vulnerability of the Adobe Framemaker desktop publishing system arises from the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of the Adobe Framemaker desktop publishing system lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS6.3AI score0.00154EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/04/14 2:0 p.m.26 views

Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 (KB5002853)

Description of the security update for SharePoint Server Subscription Edition: April 14, 2026 KB5002853 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If...

6.5CVSS5.9AI score0.25082EPSS
Exploits1
Akamai Blog
Akamai Blog
added 2026/04/08 9:0 a.m.6 views

Protecting Publishing: The Real Cost of AI Bots

...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

PraisonAI 路径遍历漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 had a path traversal vulnerability. This vulnerability stemmed from a path traversal issue with the recipe registry publishing endpoint, which could allow arbitrary file...

7.1CVSS5.9AI score0.00334EPSS
Exploits1References1
OSV
OSV
added 2026/04/01 9:7 p.m.6 views

GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...

4.3CVSS6.1AI score0.00238EPSS
Exploits1References4
OSV
OSV
added 2026/03/31 8:55 p.m.5 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS6AI score0.00238EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 8:55 p.m.10 views

CVE-2026-34738

CVE-2026-34738 affects WWBN AVideo (

4.3CVSS5.9AI score0.00238EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/31 8:55 p.m.22 views

CVE-2026-34738 AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and dra...

4.3CVSS0.00238EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:16 p.m.2 views

CVE-2026-34374

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Liveschedule::keyExists method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from LiveTransmition::keyExists...

9.1CVSS5.9AI score0.00344EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 9:15 p.m.6 views

CVE-2026-33670 SiYuan has directory traversal within its publishing service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS5.8AI score0.0066EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 9:15 p.m.23 views

CVE-2026-33670 SiYuan has directory traversal within its publishing service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS0.0066EPSS
Exploits1References1
OSV
OSV
added 2026/03/26 9:15 p.m.5 views

CVE-2026-33670 SiYuan has directory traversal within its publishing service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

9.8CVSS6.3AI score0.0066EPSS
Exploits1References3
CVE
CVE
added 2026/03/26 9:15 p.m.22 views

CVE-2026-33670

SiYuan has a vulnerability CVE-2026-33670 where the /api/file/readDir interface allows directory traversal to enumerate filenames of all documents under a notebook. This occurs in versions prior to 3.6.2; the issue is mitigated by upgrading to 3.6.2 or later. The connected sources consistently de...

9.8CVSS5.8AI score0.0066EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder