Lucene search
K

1075 matches found

Cvelist
Cvelist
added 2026/06/11 6:19 p.m.30 views

CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48704

Name of the Vulnerable Software and Affected Versions Idira Secrets Manager Self-Hosted versions 13.8.0 and earlier Description Improper access control exists within internal cluster endpoints. A remote, authenticated attacker with standard node-level credentials can exploit these endpoints to...

8.4CVSS5.9AI score0.00361EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35449

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS5.5AI score0.0029EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 4:16 p.m.18 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

8.6CVSS0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.33 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 p.m.12 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 p.m.39 views

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/09 4:29 a.m.66 views

wisp

Wisp — the open-source Ghost alternative, built in Elixir & Ph...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

wacrm 安全漏洞

WACRM is a self-hosted CRM template based on WhatsApp, developed by Arnas Donauskas. The version WACRM 73041bf previously had a security vulnerability. This vulnerability stemmed from an authorization bypass issue in the automation engine, which could allow authentication attackers to access and...

7.1CVSS5.5AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.15 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

6.5CVSS5.5AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-33467

Improper Verification of Cryptographic Signature CWE-347 in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute a tampered package without the integrity check failing close...

5.9CVSS5.4AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44560

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the type: "file" non-full-context, type: "text" with collectionname, and bare collectionname/collectionnames paths in the getsourcesfromitems function perform vector store queries...

6.5CVSS5.5AI score0.00366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.13 views

CVE-2026-44679

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

6.9CVSS5.4AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.8 views

CVE-2026-41644

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

8.3CVSS5.5AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.5AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.4AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.7 views

CVE-2026-40050

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...

9.8CVSS5.8AI score0.00597EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44554

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/retrieval/process/web endpoint accepts a user-supplied collectionname and an overwrite query parameter default: True. It performs no authorization check on whether t...

8.1CVSS5.5AI score0.00295EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References2
RedhatCVE
RedhatCVE
added 2026/06/02 11:53 p.m.14 views

CVE-2026-44577

A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /next/image endpoint...

7.5CVSS5.7AI score0.00705EPSS
Exploits1References4
Rows per page
Query Builder