Lucene search
K

1913 matches found

NVD
NVD
added yesterday6 views

CVE-2026-15516

A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a...

6.3CVSS0.00274EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.17 views

PT-2026-56176

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Bulk Variables API fails to pass the variable's key to the redactor. This prevents the should hide value for key function from identifying secret-suffixed key names, such as password, toke...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Debian dla-4666 : openvpn - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4666 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4666-1 [email protected]...

7.5CVSS7AI score0.00549EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...

7.5CVSS6AI score0.0046EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:36 p.m.7 views

CVE-2025-53648

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS5.8AI score0.0051EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Axis Communications AXIS OS Improper Validation of Syntactic Correctness of Input (CVE-2024-8160)

A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection to transfer files to/from the Axis device. This flaw can only be exploited after authenticating with an...

3.8CVSS5.9AI score0.00614EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-44087 Apache APISIX: Openid-connect plugin Identity Header Spoofing

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources. This issue affect...

9.1CVSS5.8AI score0.00213EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Carrier Corporation i-VU Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:47 p.m.5 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.1CVSS6.8AI score0.00498EPSS
Exploits0Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/21 5:45 a.m.7 views

CVE-2026-12781

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

8.5CVSS6.5AI score0.00112EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/06/18 2:25 p.m.5 views

Arbitrary Command Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input in the searchemails, replyemail, and archiveemail functions. An attacker can execute...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP/1.1 client when an attacker-controlled upstream server injects an unsolicited response onto an idle keep-alive...

6.3CVSS5.9AI score0.00228EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 11:2 p.m.12 views

n8n: Credential Exfiltration via Permission Bypass

Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing i...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/16 10:40 p.m.7 views

GHSA-H3JJ-5F3V-3685 n8n: Public API Execution Retry Authorization Bypass

Impact The Public API endpoint for retrying executions authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a shared workflow could use the Public API to retry executions of that workflow, bypassing the intended permission boundary...

6.4CVSS5.5AI score0.00174EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:13 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), URL Redirection to Untrusted Site ('Open Redirect'), and 3 more (CVE-2026-24880, CVE-2026-25854, and 3 more)

Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24880, CVE-2026-25854, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTIO...

9.1CVSS5.8AI score0.0504EPSS
Exploits3Affected Software1
EUVD
EUVD
added 2026/06/15 12:31 a.m.12 views

EUVD-2026-36672

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS7.4AI score0.00142EPSS
Exploits0References11
GithubExploit
GithubExploit
added 2026/06/14 3:17 p.m.103 views

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

CVE-2025-14847-mongobleed CVE-2025-14847 mongobleed python fil...

8.7CVSS6AI score0.83007EPSS
Exploits39
CVE
CVE
added 2026/06/12 9:2 a.m.48 views

CVE-2026-50633

The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...

8.1CVSS5.4AI score0.0083EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/12 8:56 a.m.1 views

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

9.8CVSS5.9AI score0.00668EPSS
Exploits0References9
Rows per page
Query Builder