2685 matches found

RedhatCVE
added 2026/04/10 7:12 a.m., 6 views

CVE-2026-34500

A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...

CVSS 6.5 | AI score 5.7 | EPSS 0.00469
Exploits 0 | References 4

GithubExploit
added 2026/04/09 3:04 p.m., 91 views

cybersentinel-agent

CyberSentinel Agent: Defensive cybersecurity agent framework w...

AI score 6.1
Exploits 0

GithubExploit
added 2026/04/07 7:26 p.m., 106 views

penetration-testing-engagement

Internal Network Penetration Test. Overview: Conducted a ful...

AI score 6
Exploits 0

EUVD
added 2026/04/06 5:20 p.m., 8 views

EUVD-2026-19390

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...

CVSS 5.4 | AI score 6.1 | EPSS 0.00173
Exploits 1 | References 2

CNNVD
added 2026/04/03 12:00 a.m., 12 views

Budibase operating system command injection vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.33.4 contained a vulnerability related to operating system command injection. This...

CVSS 8.8 | AI score 6 | EPSS 0.00466
Exploits 0 | References 2

GithubExploit
added 2026/04/02 4:07 p.m., 132 views

Exploit for CVE-2026-28767

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

AI score 5.9 | EPSS 0.00486
Exploits 1

Positive Technologies
added 2026/04/02 12:00 a.m., 7 views

PT-2026-29915

Summary: Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with that string, including unrelated paths such as "/css-config.env" or...

CVSS 7.5 | AI score 5.9 | EPSS 0.00387
Exploits 0 | References 4

RedhatCVE
added 2026/04/01 5:03 p.m., 3 views

CVE-2026-34200

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

CVSS 7.7 | AI score 5.7 | EPSS 0.00361
Exploits 1 | References 1

NVD
added 2026/03/31 3:16 p.m., 2 views

CVE-2026-34200

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

CVSS 7.7 | EPSS 0.00361
Exploits 1 | References 3

ATTACKERKB
added 2026/03/31 1:57 p.m., 2 views

CVE-2026-34200

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

CVSS 7.7 | AI score 5.7 | EPSS 0.00361
Exploits 1 | References 4 | Affected Software 1

CVE
added 2026/03/31 1:57 p.m., 13 views

CVE-2026-34200

CVE-2026-34200 affects the Nhost CLI MCP server prior to v1.41.0. When explicitly configured to listen on a network port, the MCP server applies no inbound authentication and does not enforce strict CORS, allowing a malicious website on the same machine to issue cross-origin requests and use loca...

CVSS 7.7 | AI score 5.7 | EPSS 0.00361
Exploits 1 | References 3 | Affected Software 1

GithubExploit
added 2026/03/31 9:27 a.m., 118 views

poc-studio-public

Nuclei Offline GUI: This is a pure offline desktop prototype,...

AI score 5.9
Exploits 0

SUSE CVE
added 2026/03/28 12:26 a.m., 4 views

SUSE CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic...

CVSS 7.1 | AI score 5.8 | EPSS 0.00404
Exploits 0 | References 3

OSV
added 2026/03/26 6:29 p.m., 2 views

GHSA-F886-M6HF-6M8V brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Impact: A brace pattern with a zero step value, e.g. 1..2..0, causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...

CVSS 6.5 | AI score 5.9 | EPSS 0.0043
Exploits 0 | References 12

RedhatCVE
added 2026/03/26 3:10 p.m., 4 views

CVE-2026-32828

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most...

CVSS 5.1 | AI score 5.8 | EPSS 0.00328
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 3:00 p.m., 6 views

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables, e.g. $...

CVSS 9.1 | AI score 6.3 | EPSS 0.02956
Exploits 1 | References 1

OSV
added 2026/03/25 10:27 a.m., 5 views

CVE-2026-23352 x86/efi: defer freeing of boot services memory

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory. efi_free_boot_services frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late. There are two issues with that: memblock_free_late should be used for...

CVSS 5.5 | AI score 5.6 | EPSS 0.00125
Exploits 0 | References 10

SUSE CVE
added 2026/03/25 12:24 a.m., 4 views

SUSE CVE-2026-32828

Kargo manages and automates the promotion of software artifacts. In versions 1.4.0 through 1.6.3, 1.7.0-rc.1 through 1.7.8, 1.8.0-rc.1 through 1.8.11, and 1.9.0-rc.1 through 1.9.4, the http and http-download promotion steps allow Server-Side Request Forgery (SSRF) against link-local addresses, most...

CVSS 5.1 | AI score 5.8 | EPSS 0.00328
Exploits 0 | References 4

Trend Micro Simply Security
added 2026/03/25 12:00 a.m., 7 views

Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach

Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps...

AI score 5.9
Exploits 0

Snyk
added 2026/03/24 2:34 p.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Amendment: This was deemed not a vulnerability. Overview: langflow is a Python package with a built-in web application. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via unsanitized interpolatio...

CVSS 9.3 | AI score 6 | EPSS 0.02956
Exploits 1 | References 2
