Lucene search
+L

1902 matches found

Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46992

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description Public shared-view relation endpoints fail to verify if a caller-supplied column ID is visible in the shared view. This allows anyone with a share UUID to read links from any LTAR...

6.9CVSS5.8AI score0.00239EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/03 12:30 a.m.11 views

EUVD-2026-34041

Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defects lists via a very bad drive with lots of defects or a maliciously crafted SCSI device’s defect...

1.8CVSS5.8AI score0.00102EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/02 10:31 p.m.38 views

CVE-2026-10719 Open Seachest/Seachest NVMe show Format Descriptors Vulnerability

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...

1.8CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 12:0 p.m.28 views

CVE-2026-10255

The CVE concerns SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability resides in the function sell_statement of application/controllers/ShowForm.php, which enables manipulation leading to improper access controls. Exploitation is possible remotely and public disclosure is not...

6.9CVSS5.7AI score0.00311EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 12:0 p.m.38 views

CVE-2026-10255 SourceCodester Pharmacy Sales and Inventory System ShowForm.php sell_statement access control

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...

6.9CVSS0.00311EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:0 a.m.8 views

CVE-2026-10247

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...

5.1CVSS4.3AI score0.00199EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 10:0 a.m.10 views

CVE-2026-10247 SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function creategenericname of the file /ShowForm/creategenericname/main. The manipulation of the argument genericname results in cross site scripting. The attack may be launched...

5.1CVSS4.3AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 9:45 a.m.13 views

CVE-2026-10246 SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

5.1CVSS4.1AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 9:15 a.m.11 views

CVE-2026-10244 SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function createmedicinename of the file /ShowForm/createmedicinename/main. Performing a manipulation of the argument medicinename results in cross site scripting. The atta...

5.1CVSS4.3AI score0.00203EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

SourceCodester Pharmacy Sales and Inventory System 访问控制错误漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a vulnerability related to access control. This vulnerability stems fro...

6.9CVSS5.7AI score0.00311EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.31 views

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcpserver/adapters/clitools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

9.6CVSS6AI score0.00619EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/29 10:30 p.m.12 views

GHSA-9CR9-25Q5-8PRJ PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in mcpserver/adapters/clitools.py: "registers four file-handling tools by default, praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and...

8.7CVSS5.9AI score0.00075EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:6 a.m.9 views

mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()

...

7.1CVSS5.4AI score0.00131EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45053

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description An incomplete security fix allows unauthenticated users to read arbitrary files from the host system. The issue stems from a dispatcher in server.py that accepts unvalidated kwargs from the...

8.7CVSS6.2AI score0.00075EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-46190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: spi-nor: debugfs: fix out-of-bounds read in spinorparamsshow Sashiko noticed an out-of-bounds read 1. In spinorparamsshow, the snorfnames array is passed t...

7.1CVSS7AI score0.00131EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/28 8:25 p.m.13 views

EUVD-2026-33023

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 8:25 p.m.32 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS0.00349EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 8:25 p.m.21 views

CVE-2026-44657

CVE-2026-44657 – MantisBT : Before version 2.28.2, an attacker can execute code by exploiting a stored XSS vector in file_download.php. When the request uses show_inline=1 together with a valid file_show_inline CSRF token and the uploader references a crafted XHTML attachment that points to a Jav...

7.5CVSS6AI score0.00349EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/28 8:25 p.m.13 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6AI score0.00349EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 8:25 p.m.2 views

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

7.5CVSS6.1AI score0.00349EPSS
Exploits0References6
Rows per page
Query Builder