Lucene search
K

11039 matches found

Nuclei
Nuclei
added 8 hours ago89 views

LocalAI - Partial Local File Read

A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https-// and file-// schemes, where the latter can lead to LFI. However, the output is limited due to the...

5.8CVSS6.3AI score0.02475EPSS
Exploits1References3
Nuclei
Nuclei
added 8 hours ago19 views

Emby Server - Authentication Bypass

Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-49972 Laravel-Mediable < 7.0.0 File Upload RCE via Extension Bypass

Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The PATHINFOFILENAME extraction preserves the inn...

8.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-49972

Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading a file with an embedded PHP extension disguised within a double extension such as shell.php.jpg. The PATHINFOFILENAME extraction preserves the inn...

8.8CVSS6.5AI score
Exploits0References4
Nuclei
Nuclei
added yesterday137 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.2AI score0.7654EPSS
Exploits19References4
The Hacker News
The Hacker News
added 4 days ago6 views

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it say...

9.8CVSS7AI score0.95076EPSS
Exploits2
NVD
NVD
added 5 days ago9 views

CVE-2026-59720

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation in mock-server.service.ts does not persist the isPublic input field while schema.prisma defaults isPublic to true, causing mock servers linked to private collections to be publicly accessible without...

7.5CVSS0.00336EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59222 Open WebUI: /api/v1/channels/{id}/members exposes full user model including sensitive credentials

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS0.00265EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59222

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 before 0.10.0, GET /api/v1/channels//members returned full UserModelResponse objects for channel members, including settings.ui.toolServers.key and webhook configuration, allowing a normal channel...

6CVSS5.9AI score0.00265EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42609

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago3 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

A flaw was found in golang.org/x/crypto/ssh. Source-address validation can be skipped when an SSH server configuration uses an authentication callback type other than public key, allowing authorization bypass in misconfigured servers. This is a follow-on to incomplete coverage from the...

10CVSS5.9AI score0.0044EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42012

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...

9.8CVSS6AI score0.00303EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:19 a.m.17 views

CVE-2026-34048

CVE-2026-34048 concerns Coolify prior to 4.0.0-beta.471, where terminal websocket bootstrap routes failed to enforce terminal authorization, only checking authentication. This allowed a low-privileged team member to connect to terminal routes and execute commands on team servers. The issue is fix...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:15 a.m.29 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:15 a.m.13 views

CVE-2026-42143

Coolify prior to 4.0.0-beta.471 is affected by an OS Command Injection via user-controlled persistent volume names that are interpolated into shell commands on managed servers without escaping/validation. An authenticated user could inject shell metacharacters through volume operations and execut...

8.8CVSS6AI score0.00435EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:15 a.m.4 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS6AI score0.00435EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 2:58 a.m.6 views

CVE-2026-34058

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS6.2AI score0.00352EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56148

Name of the Vulnerable Software and Affected Versions uncanny-automator-pro WordPress plugin versions prior to 7.3.0.6 Description The software was distributed with malicious code following a compromise of the vendor's update and distribution infrastructure. This supply chain compromise introduce...

9.8CVSS6AI score0.00303EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-56020

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection exists in the GetLogs Livewire component. Users with team membership, including those with the lowest privilege role, can execute arbitrary commands as roo...

8.8CVSS6.1AI score0.01385EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder