Lucene search
K

32534 matches found

NVD
NVD
added yesterday6 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44638

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-44598

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score0.00302EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday44 views

Jinher OA - SQL Injection

jinher jinheroa is an office automation software that facilitates workflow management and collaboration within organizations. It sits in the enterprise layer of the tech stack, is typically deployed as selfhosted, and—within the informationtechnology industry—serves the businessapps domain. id:...

9.8CVSS6.5AI score0.03559EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday13 views

HP Switch - Authentication Bypass

A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in...

9.8CVSS6.9AI score0.02641EPSS
Exploits1
Nuclei
Nuclei
added yesterday58 views

Onkyo TX-NR585 Web Interface - Directory Traversal

Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...

7.5CVSS7AI score0.14071EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday58 views

Mingsoft MCMS < 5.3.1 - Cross-Site Scripting

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...

6.1CVSS4.4AI score0.01365EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday46 views

WAVLINK AC1200 - Information Disclosure

A vulnerability is in the 'livemfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. id: CVE-2021-44260 info: name:...

7.5CVSS7AI score0.07573EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday22 views

ComfyUI-Manager < 3.38 - Configuration Overwrite

ComfyUI-Manager 3.38 contains an insecure file storage vulnerability caused by storing files in an insufficiently protected location accessible via the web interface, letting remote attackers manipulate configuration and critical data, exploit requires web access. id: CVE-2025-67303 info: name:...

7.5CVSS7.2AI score0.01361EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday18 views

Teleport - Authentication Bypass

Teleport versions prior to 17.5.2 are vulnerable to a remote authentication bypass vulnerability. This issue allows attackers to gain unauthorized access to affected systems. id: CVE-2025-49825 info: name: Teleport - Authentication Bypass author: pdteam severity: critical description: | Teleport...

9.8CVSS6.5AI score0.07754EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday17 views

Casdoor - Authorization Bypass

Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...

7.5CVSS6.9AI score0.01813EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

Check Point IKEv1 Remote-Access VPN - Certificate Authentication Bypass

IKEv1 key exchange contains a broken authentication caused by logic flow weakness in Remote Access and Mobile Access certificate validation, letting unauthenticated remote attackers bypass user authentication and establish VPN connections without valid passwords, exploit requires use of deprecate...

9.3CVSS7.2AI score0.70099EPSS
Exploits5References3
Nuclei
Nuclei
added yesterday66 views

Flowise <= 1.8.2 Authentication Bypass

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. id: CVE-2024-8181 info: name: Flowise = 1.8.2 Authentication Bypass author:...

9.8CVSS6.1AI score0.42783EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday43 views

Netis Wifi Router - Information Disclosure

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

2.7CVSS6.6AI score0.06356EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday34 views

Issabel PBX 4.0.0-6 - Directory Listing

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory id: CVE-2023-37599 info: name: Issabel PBX 4.0.0-6 - Directory Listing author: ritikchaddha severity: high description: | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker...

7.5CVSS7AI score0.03632EPSS
Exploits1References2
NVD
NVD
added 2 days ago7 views

CVE-2026-15752

A vulnerability was found in zhinianboke xianyu-auto-reply up to dcb445ad97816ad65299a7580ee0c8c8f929da84. Affected is an unknown function of the file /api/v1/users/ of the component Backend User Endpoint. Performing a manipulation results in missing authorization. The attack may be initiated...

7.5CVSS0.00297EPSS
Exploits0References7
CVE
CVE
added 2 days ago76 views

CVE-2026-15409

Summary: CVE-2026-15409 is a Server-Side Request Forgery (SSRF) affecting SonicWall SMA1000 Appliances (Work Place interface). A remote unauthenticated attacker could force the appliance to make requests to unintended locations. The vulnerability is rated CVSS v3.1: 10.0 (CRITICAL) with network a...

10CVSS7AI score0.01404EPSS
In wildExploits3References2Affected Software1
NVD
NVD
added 2 days ago4 views

CVE-2026-58531

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB allows an authorized attacker to elevate privileges over a network...

7.5CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-62657

CVE-2026-62657 concerns a certificate validation flaw in NETGEAR XR1000 Gaming Router and certain Nighthawk models. The issue could allow an unauthenticated attacker to remotely access and take control of the device due to weaknesses in certificate validation. The sources identify affected device...

7.6CVSS6.1AI score0.001EPSS
Exploits0References5
Rows per page
Query Builder