Lucene search
K

1901235 matches found

Cvelist
Cvelist
added 42 minutes ago4 views

CVE-2026-15746 Credential disclosure in Strands Agents Tools elasticsearch_memory tool

Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...

6.9CVSS
Exploits0References3
CVE
CVE
added 42 minutes ago3 views

CVE-2026-15746 Credential disclosure in Strands Agents Tools elasticsearch_memory tool

Strands Agents is an open-source Python SDK for building and running AI agents. The strands-agents-tools package provides pre-built tools for use with the SDK, including the elasticsearchmemory tool for agent memory storage. We identified CVE-2026-15746, a server-side request forgery SSRF issue i...

6.9CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 44 minutes ago4 views

CVE-2026-12997 Gravity Forms <= 2.10.4 - Unauthenticated Arbitrary File Read via 'gform_uploaded_files' Parameter

The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gformuploadedfiles' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS
Exploits0References2
CVE
CVE
added 44 minutes ago5 views

CVE-2026-12997 Gravity Forms <= 2.10.4 - Unauthenticated Arbitrary File Read via 'gform_uploaded_files' Parameter

The Gravity Forms plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.10.4 via the 'gformuploadedfiles' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

7.5CVSS6.2AI score
Exploits0References2
OSV
OSV
added 52 minutes ago1 views

GHSA-77X8-3V3H-HRHV MantisBT: Reflected XSS in admin/install.php

MantisBT 2.28.3 and earlier contains six reflected XSS injection points in /admin/install.php. User-supplied parameters are echoed into HTML without escaping via printtestresult. No authentication is required. A Content Security Policy script-src 'self' prevents inline JavaScript execution, but t...

9.2CVSS6.1AI score
Exploits0References5
GithubExploit
GithubExploit
added 55 minutes ago6 views

CVE-Hunter

CVE Hunter Pro A Chrome extension for fast, single-lookup CVE...

6.7CVSS6.2AI score0.0024EPSS
Exploits5
NVD
NVD
added 1 hour ago4 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS0.00066EPSS
Exploits0References3
CVE
CVE
added 1 hour ago13 views

CVE-2026-49987 Repomix: Command Injection (RCE) via `--remote-branch` Argument Injection

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, src/core/git/gitCommand.ts execGitShallowClone passes the --remote-branch value directly to git fetch and git checkout without validation or --end-of-options, allowing --upload-pack or other Git option injection th...

7.5CVSS6.2AI score0.00066EPSS
Exploits0References3
OSV
OSV
added 1 hour ago1 views

GHSA-6QVR-WJMV-V8MM Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch paths

Summary The fix for CVE-2026-47260 v9.3.5 added an initial isSafeUrl check to several fetchers synchronizeEpisodes, getStreamableUrl, AddRadioStation, EpisodePlayable, but the redirect-target validation — the per-hop Guzzle onredirect callback added in follow-up commit be1e867 — was applied to on...

7.1CVSS6.1AI score
Exploits0References7
OSV
OSV
added 1 hour ago1 views

MAL-2026-10689 Malicious code in pylogora (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b01e8dfbdf9823541eee73bd52086cac9e0ea70246992afe74873372b5d6a293 The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on...

6.2AI score
Exploits0References4
OSV
OSV
added 1 hour ago0 views

MAL-2026-10688 Malicious code in log-guru (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6da98c6d79df38328235bb1df969316bd484b2a02594f8656772cd9a1e48f16b The typosquatted package installs a Mythic/Poseidon C2 framework beacon and ensures persistence. After installation, the beacon communicates with C2 on...

6.2AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44737

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2 hours ago8 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 hours ago3 views

CVE-2026-20296

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS6.2AI score
Exploits0References2Affected Software2
NVD
NVD
added 2 hours ago3 views

CVE-2026-62378

RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path can render HTML content uploaded as .pdf, allowing stored...

9CVSS
Exploits0References3
NVD
NVD
added 2 hours ago3 views

CVE-2026-1562

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS
Exploits0References1
NVD
NVD
added 2 hours ago3 views

CVE-2026-1563

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS
Exploits0References1
Rows per page
Query Builder