Lucene search

277 matches found

NVD (added 4 days ago, 8 views)

CVE-2026-57942

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

CVSS 6.9, EPSS 0.00192
Exploits: 0, References: 4
Vulnrichment (added 4 days ago, 5 views)

CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

CVSS 6.9, AI score 5.9, EPSS 0.00192
Exploits: 0, References: 4
RedhatCVE (added 4 days ago, 7 views)

CVE-2026-54233

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...

CVSS 6.5, AI score 5.8, EPSS 0.00243
Exploits: 0, References: 5
EUVD (added last week, 10 views)

EUVD-2026-36601

Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS...

CVSS 6.5, AI score 5.8, EPSS 0.00289
Exploits: 0, References: 2
Cvelist (added 2026/06/22 9:04 p.m., 19 views)

CVE-2026-56255 Capgo - Denial of Service via Unlimited Demo App Creation

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

CVSS 5.3, EPSS 0.00272
Exploits: 0, References: 2
EUVD (added 2026/06/22 9:04 p.m., 6 views)

EUVD-2026-38365

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement. Attackers can repeatedly invoke this endpoint to generate...

CVSS 5.3, AI score 5.9, EPSS 0.00272
Exploits: 0, References: 2
NVD (added 2026/06/12 10:16 p.m., 20 views)

CVE-2026-53522

Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

CVSS 6.5, EPSS 0.00289
Exploits: 0, References: 1
Positive Technologies (added 2026/06/12 12:00 a.m., 11 views)

PT-2026-49003

Name of the Vulnerable Software and Affected Versions: Nezha Monitoring versions 1.0.0 through 2.1.x. Description: The dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: "/api/v1/terminal", which triggers the createTerminal function, and "/api/v1/file", which...

CVSS 6.5, AI score 5.2, EPSS 0.00289
Exploits: 0, References: 5
Snyk (added 2026/06/11 9:35 a.m., 8 views)

Malicious Package

Overview: rate-limits-flexible is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8, AI score 5.4
Exploits: 0, References: 2
OSSF Malicious Packages (added 2026/06/11 9:35 a.m., 9 views)

Malicious code in rate-limits-flexible (npm)

Per source details. Source: ghsa-malware f51c182413a9d071e2e2109f7477ff0fb1b05fae4e5e98a46bb53e7d8b2d693b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 5.5
Exploits: 0, References: 1
OSV (added 2026/06/11 9:35 a.m., 10 views)

MAL-2026-5627 Malicious code in rate-limits-flexible (npm)

Per source details. Source: ghsa-malware f51c182413a9d071e2e2109f7477ff0fb1b05fae4e5e98a46bb53e7d8b2d693b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 5.5
Exploits: 0, References: 1
CNNVD (added 2026/06/08 12:00 a.m., 9 views)

Flowise security vulnerability

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability. This vulnerability stemmed from the checkBasicAuth endpoint, which validated credentials in plaintext without rate limits,...

CVSS 9.1, AI score 7.2, EPSS 0.00251
Exploits: 0, References: 2
CNNVD (added 2026/05/30 12:00 a.m., 8 views)

Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. YAMCS has a security vulnerability that stems from the lack of rate limits...

AI score 5.8, EPSS 0.00052
Exploits: 2, References: 1
OSV (added 2026/05/20 7:07 p.m., 9 views)

GO-2026-5008 MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry

CVSS 3.5, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 2
Snyk (added 2026/05/20 7:07 p.m., 9 views)

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the OCI validator process when upstream rate limits are encountered. An attacker can bypass intended ownership restrictions by exploiting the lack of proper checks during rate-limited conditions. Remediation...

CVSS 5.1, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3
Positive Technologies (added 2026/05/20 12:00 a.m., 9 views)

PT-2026-42384

MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry...

CVSS 3.5, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 3
Github Security Blog (added 2026/05/19 3:39 p.m., 11 views)

MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing an attacker to claim arbitrary public OCI images under their own namespace. Severity: Low (re-scored post-triage; see Maintainer triage note below). Affected: modelcontextprotocol/registry main branch at commit fe0cb3b, current HEAD as...

CVSS 3.5, AI score 6, EPSS 0.00206
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve (added 2026/05/19 12:16 p.m., 15 views)

CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node. Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

AI score 5.8, EPSS 0.00144
Exploits: 0, References: 7
Tenable Nessus (added 2026/05/18 12:00 a.m., 14 views)

Debian dla-4589 : libnginx-mod-http-auth-pam - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the DLA-4589 advisory. Debian LTS Advisory DLA-4589-1...

CVSS 9.2, AI score 9.5, EPSS 0.61469
Exploits: 40, References: 24
Debian (added 2026/05/16 5:30 p.m., 14 views)

[SECURITY] [DSA 6278-1] nginx security update

Debian Security Advisory DSA-6278-1, https://www.debian.org/security/, Moritz Muehlenhoff, May 16, 2026, https://www.debian.org/security/faq...

CVSS 9.2, AI score 6.1, EPSS 0.61469
Exploits: 40