Lucene search
K

15299 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 7 hours ago6 views

Malicious code in flick-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in @jplopezy/connectivity-test-do-not-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday16 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS6.1AI score0.0083EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday15 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS7.2AI score0.80188EPSS
Exploits4References4
NVD
NVD
added 2 days ago8 views

CVE-2026-15501

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43237

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.testmcpconnection of the file astrbot/dashboard/routes/tools.py of the component MCP Test Endpoint. The manipulation of the argument mcpserverconfig.url leads to...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2 days ago16 views

CVE-2026-15501

CVE-2026-15501 affects AstrBot (up to version 4.25.2). The vulnerability is in the function ToolsRoute.test_mcp_connection (astrbot/dashboard/routes/tools.py, MCP Test Endpoint), where manipulating mcp_server_config.url leads to server-side request forgery (SSRF). The attack is remotely exploitab...

6.5CVSS6.2AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2 days ago7 views

CVE-2026-56252

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS0.00169EPSS
Exploits0References2
CVE
CVE
added 2 days ago18 views

CVE-2026-56252

Capgo before 12.128.2 is affected by a scope isolation vulnerability in the POST /webhooks/test endpoint. The issue allows app-scoped API keys to invoke organization-scoped webhook operations, enabling attackers with app-scoped credentials to trigger signed outbound webhook deliveries for arbitra...

5.4CVSS6.2AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-56252 Capgo - Scope Isolation Failure in Webhook Test Endpoint

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS0.00169EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43225

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped credentials can trigger signed outbound webhook deliveries for arbitrary organization webhooks...

5.4CVSS6.2AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-15481 Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...

9CVSS0.01514EPSS
Exploits0References5
CVE
CVE
added 2 days ago13 views

CVE-2026-15481

The CVE-2026-15481 affects Trendnet TEW-635BRM firmware up to 1.00.03, specifically the IPoA WAN Connection Setup component’s /sbin/rc function ipoa_test. A manipulation of the ipoa_ipaddr argument enables remote command injection, with network access as the attack vector and no user interaction ...

9CVSS6.7AI score0.01514EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43203

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoatest of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoaipaddr results in command injection. The attack is possible to ...

9CVSS5.9AI score0.01514EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS0.00112EPSS
Exploits0References3
Fedora
Fedora
added 4 days ago11 views

[SECURITY] Fedora 44 Update: kind-0.31.0-4.fc44

Kubernetes IN Docker - local clusters for testing Kubernetes...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-59819

A flaw was found in LiteLLM, a proxy server for Large Language Model LLM APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/testconnection endpoint. By supplying specific environment or OIDC OpenID Connect file reference...

4.9CVSS6AI score0.00278EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58191 Appium: Reflected XSS / arbitrary JS in @appium/base-driver /test/guinea-pig* routes

Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate...

6.5CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-59819

LiteLLM (proxy for LLM APIs) prior to 1.83.10-stable has a local file read risk via the /health/test_connection endpoint. A privileged caller (e.g., proxy administrator) could supply environment/oidc/file references in litellm_params to read arbitrary local files, exposing sensitive contents. The...

4.9CVSS5.9AI score0.00278EPSS
Exploits0References3Affected Software1
NVD
NVD
added 6 days ago9 views

CVE-2026-56776

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS0.00161EPSS
Exploits0References2
Rows per page
Query Builder