Lucene search
K

1121 matches found

Nuclei
Nuclei
added 2 days ago39 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS7.5AI score0.98191EPSS
Exploits20References3
CVE
CVE
added 3 days ago8 views

CVE-2026-59796

CVE-2026-59796 affects JetBrains TeamCity prior to 2026.1.2. The issue arises from improper permission checks that could allow pipeline modification. Documented impact is pipeline modification with high impact on confidentiality and integrity (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). N...

8.1CVSS6.1AI score0.00248EPSS
Exploits0References1
Wolfi
Wolfi
added 4 days ago5 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: local-static-provisioner, skaffold, minio-object-browser, doppler-kubernetes-operator, stakater-reloader, aws-flb-firehose, kserve, mcp-grafana, nri-consul, git-lfs, kubernetes-csi-external-resizer, mods, kubewatch, azuredisk-csi, caddy, grype, syft,...

6.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

6AI score0.00466EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Mozilla Thunderbird < 140.12.1

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-64 advisory. - An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content,...

6.5CVSS6.2AI score0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.31 views

CVE-2025-71341 picklescan - Remote Code Execution via Undetected profile.Profile.runctx

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Automated Logic WebCTRL Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2026-39559

Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...

8.1CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:55 a.m.18 views

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

4.9CVSS5AI score0.00437EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.15 views

CVE-2025-69105

Technical details (affected versions beyond Modernee

8.1CVSS5.1AI score0.00435EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/16 2:8 p.m.6 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/15 10:27 p.m.30 views

CVE-2026-48723

BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....

7.8CVSS5.5AI score0.00533EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.10 views

CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1

CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1. An upgraded version of the package is available that resolves this issue...

8.2CVSS5.2AI score0.00423EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4

CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4. A patched version of the package is available...

8.5CVSS5.2AI score0.00175EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4

CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...

9.8CVSS5.2AI score0.00413EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.8 views

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30

CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...

6.5CVSS5.2AI score0.00328EPSS
Exploits0
Rows per page
Query Builder