Lucene search
K

848 matches found

EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43237

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
CVE
CVE
added last week9 views

CVE-2026-13020

CVE-2026-13020 affects Esri Portal for ArcGIS up to version 12.1 on Windows, Linux, and Kubernetes. A weak password-recovery mechanism lets a remote, unauthenticated attacker potentially take ownership of a user account by manipulating the recovery flow. The vulnerability’s impact is described as...

9.8CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:12 a.m.30 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 1:49 p.m.32 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.13 views

httpd: Apache HTTP Server: Denial of Service via crafted regular expressions

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service...

9.8CVSS5.9AI score0.00486EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 12:31 a.m.9 views

EUVD-2026-40012

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclos...

9CVSS8AI score0.00476EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.27 views

CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS0.00143EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:53 a.m.43 views

CVE-2026-11833

CVE-2026-11833 affects FAST/TOOLS (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04 and CI Server (all packages) from R1.01 to R1.04. The web server may return a response containing CI Server setting information, which could be exploited by an attacker for other attacks. The CVSS4 scor...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:32 p.m.24 views

CVE-2025-59872

Technical details about CVE-2025-59872 are not publicly provided in the supplied documents; monitor for updates.

9.8CVSS6AI score0.00454EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.23 views

CVE-2026-44631

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service. Mitigation Only loadtrustedApache configuration; the bug triggers...

9.8CVSS5.4AI score0.00486EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 10:11 p.m.27 views

CVE-2026-47734

Dulwich prior to 1.2.5 is vulnerable to an unbounded memory allocation in receive-pack when processing a crafted thin pack. A tiny push (~174 bytes) can declare a huge dest_size in the delta header, causing add_thin_pack / apply_delta to allocate hundreds of MB regardless of actual data. Impacted...

5.7CVSS5.4AI score0.00188EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 7:33 p.m.13 views

Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

6.3AI score0.00069EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 8:12 p.m.9 views

CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS5.6AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

8.6CVSS6.8AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 7:11 p.m.35 views

CVE-2026-46397 haxcms-php Local File Inclusion via saveOutline API Location Parameter v2.0

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion LFI vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written in...

6.5CVSS0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8856

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

9.1CVSS5.5AI score0.00197EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/05 5:19 a.m.82 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744-MCPJAM-RCE-exploit This Python proof-of-concept...

9.8CVSS6AI score0.43671EPSS
Exploits34
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.22 views

PT-2026-47036

Name of the Vulnerable Software and Affected Versions Altium Enterprise Server affected versions not specified Description The Vault service uses a hard-coded cryptographic key to sign file download URLs. Since this key is identical across all installations, an unauthenticated network attacker ca...

10CVSS5.5AI score0.00478EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/02 10:35 p.m.11 views

EUVD-2026-34046

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1
Rows per page
Query Builder