Lucene search
+L

1929 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS0.00429EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-12906

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed pos...

2.7CVSS0.00179EPSS
Exploits0References1
NVD
NVD
added 3 days ago13 views

CVE-2026-12434

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS0.00239EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44856

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitizestatus. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts,...

4.3CVSS6.1AI score0.00239EPSS
Exploits0References6
OSV
OSV
added 5 days ago7 views

MAL-2026-10591 Malicious code in solana-key-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68b4680547530fce361014fe8c228734a8ec33bc8c834f46285e371e8f6b9f92 On require, index.js waits 37 seconds, reads test/fixtures/keypairs.dat a 53KB base64 blob disguised as a test fixture, no test harness references it...

6.4AI score
Exploits0References4
CVE
CVE
added 2026/07/12 11:45 a.m.13 views

CVE-2026-15499

AstrBotDevs AstrBot (versions up to 4.25.2) contains a vulnerability in the function FutureTaskTool.call (astrbot/core/tools/cron_tools.py). Manipulating payload["note"] leads to improper authorization, enabling remote exploitation. Public exploit availability is reported. No remediation details ...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 5:17 p.m.13 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

4.3CVSS0.00303EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/09 4:6 p.m.32 views

CVE-2026-59226 Open WebUI: Scheduled automations continue after pending-user deactivation and stored model ACL revocation

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:6 p.m.7 views

CVE-2026-59226

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS6AI score0.00303EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/09 4:6 p.m.8 views

CVE-2026-59226

Open WebUI vulnerability CVE-2026-59226 affects versions prior to 0.10.0 of the Open WebUI platform. The issue stems from execute_automation rehydrating automation owners without rechecking that they were still active or had features.automations, and from check_model_access only enforcing private...

4.3CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/09 4:6 p.m.4 views

CVE-2026-59226 Open WebUI: Scheduled automations continue after pending-user deactivation and stored model ACL revocation

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 before 0.10.0, executeautomation rehydrated automation owners without rechecking that they were still active or still had features.automations, and checkmodelaccess only enforced private-model grants...

3.1CVSS6.1AI score0.00303EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56830

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.9.0 through 0.9.x Description The execute automation function rehydrated automation owners without verifying if they remained active or retained features.automations permissions. Additionally, the check model access...

4.3CVSS6.1AI score0.00303EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 9:53 p.m.14 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/23 9:53 p.m.8 views

MAL-2026-6357 Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 10:18 p.m.12 views

Malicious code in package-uploader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 69b86134d9cd019c2d8ad172eed54cd4a48839d69ed2c6af52b79ef5080da765 [email protected] ships an install-hook.js that runs automatically as the npm postinstall script package.json declares "postinstall": "node...

5.8AI score
Exploits0References2
CVE
CVE
added 2026/06/16 9:38 p.m.22 views

CVE-2026-48783

CVE-2026-48783 affects Postiz prior to version 2.21.8. An unauthenticated endpoint (/public/modify-subscription) accepted a signed token and applied subscription-enforcement side effects to the organization in the token’s claims without verifying the token’s intended purpose. The endpoint could n...

4.8CVSS5.3AI score0.0017EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/16 8:14 a.m.20 views

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

The North Korean state-sponsored hacking group known as ScarCruft aka APT37 has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/06/15 1:15 a.m.13 views

EUVD-2026-36679

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS7.1AI score0.00292EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 1:15 a.m.30 views

CVE-2026-12204

Summary : CVE-2026-12204 affects ShopXO up to version 6.7.1. The vulnerability resides in the Scheduled Task Endpoint, notably the file app/api/controller/Crontab.php, affecting functions OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral. The issue allows remote manipulation that ...

7.5CVSS7.1AI score0.00292EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 1:15 a.m.46 views

CVE-2026-12204 ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization

A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...

7.5CVSS0.00292EPSS
Exploits0References5
Rows per page
Query Builder