Lucene search
K

4984 matches found

NVD
NVD
added 12 hours ago4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago193 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago13 views

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

6.5CVSS7.2AI score0.00634EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago41 views

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

7.5CVSS6.1AI score0.01635EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago15 views

Premium Addons for Elementor - Unauthenticated Information Disclosure

Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...

5.3CVSS6.1AI score0.00715EPSS
Exploits0References4
CVE
CVE
added 2 days ago11 views

CVE-2026-60088

CVE-2026-60088 affects PraisonAI prior to 4.6.78. The issue is a path traversal flaw in custom command templates, where file paths are not validated, allowing an attacker to read files outside the workspace (e.g., @../outside_secret.txt or absolute paths) and exfiltrate process-readable files int...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-60088 PraisonAI before 4.6.78 Path Traversal via Custom Commands

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS0.00147EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43174

PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allowing attackers to read files outside the workspace. Attackers can include path traversal sequences like @../outsidesecret.txt or absolute paths in project command files to exfiltrate process-readable...

6.8CVSS6.1AI score0.00147EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 3 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...

8.7CVSS6.1AI score0.00409EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-47828

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42514

During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...

8.9CVSS7.1AI score0.00088EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.

Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7AI score0.01186EPSS
Exploits11References39
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56663

Name of the Vulnerable Software and Affected Versions ECA: Event - Condition - Action versions 0.0.0 through 2.1.20 ECA: Event - Condition - Action versions 3.0.0 through 3.0.12 ECA: Event - Condition - Action versions 3.1.0 through 3.1.4 Description Improperly controlled modification of...

6.1AI score0.002EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-48950

CVE-2026-48950 affects Joomla! Core via the file management view in com_templates. The root cause is lack of escaping, enabling an XSS vulnerability. Multiple sources (NVD, CVE lists, and Joomla security advisory) confirm an XSS in the core component with the vulnerable entry labeled for core/com...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 6 days ago6 views

CVE-2026-48950 Joomla! Core - [20260704] - XSS in com_templates

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1804 Azure PromptFlow remote code execution related to Jinja templates

Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network...

6.5CVSS7AI score0.00492EPSS
Exploits0References7
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1471 Jinja2 vulnerable to sandbox breakout through attr filter selecting format method

An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends o...

5.4CVSS7.3AI score0.00476EPSS
Exploits0References8
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1475 Jinja has a sandbox breakout through indirect reference to format method

An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...

7.8CVSS7.1AI score0.005EPSS
Exploits0References8
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1447 Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

Impact Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. Patches The problem has been fix...

7.7CVSS6.1AI score0.01171EPSS
Exploits0References10
Rows per page
Query Builder