Lucene search
K

10982 matches found

Vulnrichment
Vulnrichment
added 2026/07/01 2:8 p.m.7 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 2:8 p.m.16 views

CVE-2026-5138

Foreman vulnerability CVE-2026-5138 involves the taxonomy_scope controller failing to validate organization and location IDs in nested request parameters. An authenticated user with host-edit permissions can trigger cross-tenant information disclosure, leaking sensitive infrastructure metadata (s...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.5 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 2:8 p.m.8 views

EUVD-2026-41004

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/30 5:45 p.m.12 views

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked it since February 2026, and say the...

6.5AI score
Exploits0
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-58168

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS0.00412EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:52 p.m.7 views

EUVD-2026-40375

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS5.8AI score0.00412EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:47 p.m.6 views

CVE-2026-34592

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/29 2:58 p.m.9 views

CVE-2026-58051

A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 2:41 p.m.11 views

CVE-2026-58050

A flaw in libssh2 allows a malicious SSH server to trigger a memory overflow by sending a manipulated attribute count. This can cause the connecting client to crash or allow unauthorized code execution. Mitigation To mitigate this issue,ensure your applications are running strictly on 64-bit...

8.3CVSS5.9AI score0.00333EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-559 Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS6.8AI score0.00974EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-416 MLflow Server-Side Request Forgery (SSRF)

A malicious user could use this issue to access internal HTTPs servers and in the worst case ie: aws instance it could be abused to get a remote code execution on the victim machine...

9.8CVSS7.8AI score0.01507EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-343 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

Summary In Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri field with embedded HTTP Basic credentials for downstream Glances servers, using t...

9.1CVSS5.8AI score0.00472EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.20 views

PT-2026-53749

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Server and project lookups are not scoped to the current team, which allows any...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/27 12:30 a.m.6 views

EUVD-2026-39924

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS5.9AI score0.00459EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53024

Name of the Vulnerable Software and Affected Versions regclient affected versions not specified Description Authentication credentials for a registry may be leaked to external servers. This occurs when a malicious registry server, a malicious blob store, or a registry that fails to restrict...

6.8CVSS5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5771 DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost in github.com/modelcontextprotocol/go-sdk

DNS Rebinding Protection Disabled by Default in Model Context Protocol Go SDK for Servers Running on Localhost in github.com/modelcontextprotocol/go-sdk...

8.1CVSS5.8AI score0.00455EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 10:15 p.m.11 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3CVSS5.8AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:38 p.m.6 views

EUVD-2026-39561

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
Rows per page
Query Builder