Lucene search
K

1395892 matches found

Cvelist
Cvelist
added 1 hour ago9 views

CVE-2026-15921 nvm path traversal via a malicious mirror's LTS codename writes outside the alias directory

Node Version Manager nvm is a POSIX-compliant shell function for managing multiple node.js versions. In versions 0.32.1 through 0.40.5, nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts parse the node.js mirror's index.tab and use each release's LTS...

3.1CVSS
Exploits0References2
CVE
CVE
added 1 hour ago6 views

CVE-2026-53444

Wekan (open-source Kanban, Meteor-based) prior to v9.32 had missing authorization on OIDC-related Meteor methods (e.g., setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, groupRoutineOnLogin) in packages/wekan-oidc/oidc_server.js a...

7.6CVSS6.1AI score0.00022EPSS
Exploits0References3
CVE
CVE
added 1 hour ago4 views

CVE-2026-55576

The CVE-2026-55576 entry concerns MaaAssistantArknights. In the dev-v2 workflow, the string from github.event.pull_request.title was inlined into a run: shell command in .github/workflows/release-preparation.yml for PRs opened, reopened, or ready_for_review. A non-draft fork PR with a title start...

8.8CVSS6.2AI score
Exploits0References2
NVD
NVD
added 2 hours ago3 views

CVE-2026-56742

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

5.9CVSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 hours ago3 views

Important: Red Hat Security Advisory: Red Hat Quay 3.9.24

Red Hat Quay 3.9.24 is now available with bug fixes. Quay 3.9.24...

9.6CVSS6.8AI score0.01041EPSS
Exploits5References25
CVE
CVE
added 4 hours ago15 views

CVE-2026-46421

The CVE concerns a supply-chain compromise in the SAP Cloud Application Programming Model’s cap-js/cds-dbs monorepo. On 2026-04-29, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published; these malicious packages harvested credentials (n...

9.3CVSS6.1AI score0.00025EPSS
Exploits0References4
NVD
NVD
added 4 hours ago4 views

CVE-2026-53514

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, and in 1.6.14 and later when invitation IDs can be obtained outside the invited mailbox and requireEmailVerificationOnInvitation: true is not enabled, the organization plugin's acceptInvitation,...

7.7CVSS0.00016EPSS
Exploits0References4
NVD
NVD
added 4 hours ago4 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00025EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 hours ago4 views

CVE-2026-53518

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.1AI score0.00029EPSS
Exploits0References4Affected Software1
NVD
NVD
added 5 hours ago3 views

CVE-2026-45804

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...

7.5CVSS0.00048EPSS
Exploits0References5
NVD
NVD
added 5 hours ago4 views

CVE-2026-20150

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS
Exploits0References1
NVD
NVD
added 5 hours ago5 views

CVE-2026-20156

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.1CVSS
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-20187

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
NVD
NVD
added 5 hours ago3 views

CVE-2026-20158

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-20153

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
NVD
NVD
added 5 hours ago4 views

CVE-2026-20157

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-44752

Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...

8.1CVSS6.1AI score
Exploits0References4
CVE
CVE
added 5 hours ago5 views

CVE-2026-58659

Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...

8.4CVSS6.6AI score
Exploits0References4
CVE
CVE
added 6 hours ago14 views

CVE-2025-32781

CVE-2025-32781 affects Apollo Portal prior to 2.5.0, where an authenticated user can request a release by ID (GET /envs/{env}/releases/{releaseId}) with configView.memberOnly.envs enabled and read configuration data from other applications/namespaces. Root cause: missing application/namespace per...

6.5CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 6 hours ago1 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.12 security update

The multicluster engine for Kubernetes 2.6 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.6 images The multicluster engine for Kubernetes provides the foundational components that are...

9.6CVSS6.8AI score0.01041EPSS
Exploits6References13
Rows per page
Query Builder