Lucene search
K

5185 matches found

CVE
CVE
added 2026/06/12 6:42 p.m.28 views

CVE-2026-42604

The CVE concerns Actual Budget’s sync-server (local-first Personal Finance tool). Versions ≤ 26.4.0 expose the full OpenID Connect configuration, including the OAuth2 client_secret, via POST /openid/config to callers who know the bootstrap password. The endpoint lacks authentication and rate limi...

9.1CVSS5.3AI score0.004EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:22 p.m.11 views

EUVD-2026-36535

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.2AI score0.00584EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49003

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: "/api/v1/terminal" which triggers the createTerminal function, and "/api/v1/file" which...

6.5CVSS5.2AI score0.00289EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-48963

Name of the Vulnerable Software and Affected Versions Actual Budget sync-server versions prior to 26.5.0 Description The POST /openid/config endpoint exposes the complete OpenID Connect configuration, which includes the OAuth2 client secret. This information is accessible to any user who possesse...

9.1CVSS5.2AI score0.004EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.11 views

Malicious code in rate-limits-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 809e7f8796ee45bb12d644bd48e71cbfca430e22d40b06ea0e0437097d131068 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/11 9:35 a.m.12 views

MAL-2026-5626 Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/11 9:35 a.m.13 views

MAL-2026-5627 Malicious code in rate-limits-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f51c182413a9d071e2e2109f7477ff0fb1b05fae4e5e98a46bb53e7d8b2d693b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/11 9:35 a.m.11 views

Malicious Package

Overview rate-limit-flexible is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 9:35 a.m.13 views

Malicious code in rate-limit-flexible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 166436585b1666871717d2202a01b64cfc580432ad36d90fa05903daf050d8f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/11 9:35 a.m.12 views

Malicious Package

Overview rate-limits-flexible is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.13 views

Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps

The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-11558

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS7AI score0.00251EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/09 3:41 a.m.68 views

secure-banking-app

secure-banking-app...

5.6AI score
Exploits0
NVD
NVD
added 2026/06/08 7:16 p.m.12 views

CVE-2026-11558

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00209EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/08 6:30 p.m.7 views

CVE-2026-11558

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 6:30 p.m.11 views

CVE-2026-11558 CodeAstro Payroll System home_salary.php sql injection

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS6.4AI score0.00209EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/08 6:30 p.m.38 views

CVE-2026-11558 CodeAstro Payroll System home_salary.php sql injection

A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /homesalary.php. The manipulation of the argument rate/salaryrate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

6.5CVSS0.00209EPSS
Exploits0References8
CVE
CVE
added 2026/06/08 6:30 p.m.23 views

CVE-2026-11558

CodeAstro Payroll System 1.0 contains a SQL injection vulnerability in an unknown function within /home_salary.php. The vulnerability arises from manipulation of the rate/salary_rate argument and is exploitable remotely. The exploit has been publicly disclosed and may be used. The connected sourc...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References8
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS0.00251EPSS
Exploits0References2
Rows per page
Query Builder