Lucene search
+L

12708 matches found

CVE
CVE
added 3 hours ago28 views

CVE-2026-8859

Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...

9.9CVSS5.5AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 18 hours ago4 views

CVE-2026-14503

The pCloud WP Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.3 via the wp2pclajaxprocessrequestinner. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract force generation of a...

6.5CVSS6.1AI score
Exploits0References8
Cvelist
Cvelist
added 22 hours ago4 views

CVE-2026-36669

An unauthenticated arbitrary file upload vulnerability in ckuploadhandler.php in Feng Office 3.11.13.11 allows remote attackers to upload malicious files such as .html to the web-accessible /tmp/ directory...

Exploits0References2
Cvelist
Cvelist
added yesterday33 views

CVE-2026-55629 Whistle: Path traversal

Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...

8.7CVSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-45534

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00396EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-45534 DataEase: RCE Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00396EPSS
Exploits0References3
OSV
OSV
added 2 days ago4 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS0.00101EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-62294

Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References4
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

7.5CVSS0.00102EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-61863 ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

2.1CVSS6.1AI score0.00102EPSS
Exploits0References4
CVE
CVE
added 2 days ago12 views

CVE-2026-61863

ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) has a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, potentially affecting availability by gradual memory growth. Red Hat’s advisory confirms the issue and recommends upgrading to ImageMagick 7.1.2-26 or ...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-61863 ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

2.9CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44612

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...

2.9CVSS6.1AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-15643

CVE-2026-15643 concerns AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) prior to 0.0.14. A server-side request forgery in the pagination handling component can be exploited by a remote authenticated user to exfiltrate AWS temporary security credentials to an attacker-controlled endpoint...

9.2CVSS6.2AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

MAL-2026-10540 Malicious code in postcss-processor-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...

6.1AI score
Exploits0References5
OSV
OSV
added 4 days ago4 views

MGASA-2026-0245 Updated gzip package fixes security vulnerabilities

The updated package fixes security vulnerabilities: Predictable Temporary File in GNU gzip. CVE-2026-41991 Global Buffer Overflow in GNU gzip. CVE-2026-41992...

7.5CVSS6.1AI score0.00294EPSS
Exploits0References3
NCSC
NCSC
added 4 days ago6 views

Vulnerabilities in Palo Alto Networks PAN-OS

Palo Alto Networks has identified several vulnerabilities in the PAN-OS software, particularly in PA-Series and VM-Series firewalls, as well as the Panorama management platform. These vulnerabilities affect various components of PAN-OS. - There are several XSS vulnerabilities in the User-ID...

9.9CVSS7.1AI score0.014EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/10 8:44 p.m.33 views

CVE-2026-55881 OpenReplay: Cross-tenant session replay disclosure via missing session ownership check in first-mob endpoint

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
Rows per page
Query Builder