Lucene search
K

440 matches found

Nuclei
Nuclei
added 3 hours ago48 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.2AI score0.00929EPSS
Exploits1References3
Snyk
Snyk
added last week4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Snyk
Snyk
added last week4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the fork synchronization process. An attacker can access private repository data by continuing to synchronize a fork after the parent repository's visibility changes from public to private. Remediation Upgrade...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the PatternParser process. An attacker can access sensitive files or interact with internal systems by submitting crafted XML data that triggers external entity resolution. Details XXE Injection is ...

9.8CVSS6AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added last week6 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the STARTTLS process. An attacker can compromise the security of the TLS connection by exploiting a scenario where a new transfer reuses an existing live connection despite a mismatch in TLS...

9.1CVSS6AI score0.0052EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 8:17 p.m.6 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...

9.8CVSS6.2AI score0.01372EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/01 6:18 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.4 views

Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

9.1CVSS6.3AI score0.00838EPSS
Exploits0Affected Software2
Snyk
Snyk
added 2026/06/22 4:15 a.m.5 views

Use of Hard-coded Credentials

Overview com.linecorp.centraldogma:centraldogma-server is a service configuration repository based on Git, ZooKeeper and HTTP/2 centraldogma-server. Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the ZooKeeperReplicationConfig.secret when the replication.secr...

9.6CVSS6.2AI score0.00145EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the propagation of unvalidated LABEL values from image configuration to container labels. An attacker can execute arbitrary commands on the host by...

9.4CVSS6.2AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the CRI checkpoint import. An attacker can cause arbitrary code execution by crafting a checkpoint image that forces the system to pull a malicious image and assign it an arbitrary local...

9.9CVSS6.5AI score0.00354EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 3:4 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the backend logic for the pages picker process. An attacker can confirm the existence of arbitrary pages and retrieve the value of the title field by providing the full path to an existing page as an...

5.3CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/18 2:27 p.m.7 views

Improper Authentication

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:43 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the createuploadfile function. An attacker can exhaust server disk space and obtain sensitive file system information by uploading arbitrary files without authentication and receiving...

9.3CVSS6AI score0.00332EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 5:55 p.m.6 views

Information Exposure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure via the MCP Streamable HTTP process when custom headers are configured and the MCP endpoint responds with a cross-origin redirect. An attacker can obtain sensitive...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 2:10 p.m.3 views

Origin Validation Error

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Origin Validation Error through the postMessage process. An attacker can execute unauthorized actions and trigger backend API calls under the victim's authenticated session by sending crafted cross-origin...

7.1CVSS5.9AI score0.00162EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 12:0 a.m.6 views

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

8.7CVSS5.9AI score0.00451EPSS
Exploits1References2
Rows per page
Query Builder