Lucene search
+L

17909 matches found

cvelist
cvelist
added 3 hours ago8 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
nuclei
nuclei
added 9 hours ago74 views

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...

6.5CVSS6.5AI score0.01585EPSS
Exploits1References2
nuclei
nuclei
added 9 hours ago73 views

ArgoCD Project API Token Repository Credentials Exposure

Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwords through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability...

9.9CVSS7.1AI score0.04518EPSS
Exploits1References3
nuclei
nuclei
added 9 hours ago51 views

phpMyFAQ < 3.2.0 - Cross-site Scripting

Cross-site Scripting XSS Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. id: CVE-2023-5863 info: name: phpMyFAQ ' - 'phpMyFAQ' condition: and - type: word part: header words: - "tex...

7.4CVSS6.7AI score0.01105EPSS
Exploits1References2
nuclei
nuclei
added 9 hours ago32 views

Froxlor < 0.10.38.2. - HTML Injection

HTML Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. id: CVE-2022-3869 info: name: Froxlor TEST" matchers-condition: and matchers: - type: word part: body words: - 'The message to ""TEST" failed' - type: word part: header words: - "text/html" - type: status status: - 200 d...

6.5CVSS6.6AI score0.01265EPSS
Exploits1References2
nuclei
nuclei
added 9 hours ago26 views

FOSSBilling < 0.5.3 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. id: CVE-2023-3521 info: name: FOSSBilling &datefrom='" HTTP/1.1 Host: Hostname matchers-condition: and matchers: - type: word part: body words:...

6.1CVSS6.2AI score0.00919EPSS
Exploits1References2
nuclei
nuclei
added 9 hours ago75 views

Mosparo < 1.0.2 - Open Redirect

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. id: CVE-2023-5375 info: name: Mosparo 1.0.2 - Open Redirect author: shankaracharya severity: medium description: | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. impact: | Unauthenticated attackers can exploit...

6.1CVSS6.1AI score0.33629EPSS
Exploits1References4
nuclei
nuclei
added 9 hours ago124 views

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1CVSS6.2AI score0.01222EPSS
Exploits1References3
nuclei
nuclei
added 9 hours ago92 views

Hestiacp <= 1.7.7 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1CVSS6.1AI score0.01293EPSS
Exploits1References3
thn
thn
added yesterday5 views

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your source, your SSH keys and your cloud...

6.5AI score
Exploits0
nvd
nvd
added 2 days ago7 views

CVE-2026-49170

Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally...

7.8CVSS0.02507EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-14646

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS0.00265EPSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-14645

Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...

5.1CVSS0.00397EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago24 views

CVE-2026-14646 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via HTTP Redirect

Nexus Repository 3 did not apply its existing Server-Side Request Forgery SSRF protections to HTTP redirect targets returned by proxy repository upstream servers. Any user with read access to a proxy repository backed by an attacker-controlled or compromised upstream server — including an anonymo...

4.9CVSS0.00265EPSS
Exploits0References2
cve
cve
added 2 days ago9 views

CVE-2026-14645

CVE-2026-14645 : Nexus Repository 3 is vulnerable to Server-Side Request Forgery (SSRF) via the Webhook: Global capability. The product does not validate the destination URL of the configured Webhook: Global before making an outbound HTTP request, enabling a user with the Capability Administratio...

5.1CVSS6.1AI score0.00397EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago31 views

CVE-2026-14645 Nexus Repository 3 - Server-Side Request Forgery (SSRF) via Webhook: Global Capability

Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...

5.1CVSS0.00397EPSS
Exploits0References2
nvd
nvd
added 2 days ago5 views

CVE-2026-7494

Nexus Repository 3 is vulnerable to Server-Side Request Forgery SSRF via the SSL Certificate Retrieval endpoint. A user holding the nexus:ssl-truststore:read permission could cause the server to initiate outbound connections to internal or otherwise restricted network hosts. This issue affects...

5.3CVSS0.00146EPSS
Exploits0References2
nvd
nvd
added 2 days ago4 views

CVE-2026-14504

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check...

8.2CVSS0.00264EPSS
Exploits0References2
nvd
nvd
added 2 days ago5 views

CVE-2026-11403

A vulnerability in Sonatype Nexus Repository Manager's format-specific API key generation may allow a remote attacker to gain unauthorized access to repository operations as a targeted user. A format-specific API key realm NuGet API Key, Docker Bearer Token, or npm Bearer Token must be enabled an...

8.7CVSS0.00349EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago27 views

CVE-2026-14504 Nexus Repository 3 - Authorization Bypass in Component Upload API

An authorization bypass in Nexus Repository 3's component upload API allowed a user with only read/browse privileges on a Swift, Terraform, or Conda hosted repository to upload arbitrary artifacts, bypassing the intended write-permission check...

8.2CVSS0.00264EPSS
Exploits0References2
Rows per page
Query Builder