Lucene search
K

27624 matches found

Nuclei
Nuclei
added yesterday24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6.1AI score0.01786EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-61439

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS0.0026EPSS
Exploits0References2
The Hacker News
The Hacker News
added 4 days ago6 views

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it say...

9.8CVSS7AI score0.95076EPSS
Exploits2
NVD
NVD
added 4 days ago6 views

CVE-2026-60086

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-60086 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS0.0022EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42894

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS6.1AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 6 days ago12 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00269EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 DoS (cisco-sa-multiprod-ikev2-dos-gPctUqv2)

According to its self-reported version, Cisco IOS Software is affected by a vulnerability. - A vulnerability in the Internet Key Exchange version 2 IKEv2 protocol processing of Cisco Adaptive Security Appliance ASA Software, Cisco Firepower Threat Defense FTD Software, Cisco IOS Software, and Cis...

8.6CVSS6.9AI score0.0048EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IKEv2 DoS (cisco-sa-multiprod-ikev2-dos-gPctUqv2)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability. - A vulnerability in the Internet Key Exchange version 2 IKEv2 protocol processing of Cisco Adaptive Security Appliance ASA Software, Cisco Firepower Threat Defense FTD Software, Cisco IOS Software, and...

8.6CVSS6.9AI score0.0048EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00269EPSS
Exploits0References8
The Hacker News
The Hacker News
added last week25 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
Cvelist
Cvelist
added last week31 views

CVE-2026-11610 389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS0.00627EPSS
Exploits0References19
Circl
Circl
added 2026/07/06 9:31 p.m.8 views

GHSA-5493-9M76-2QRR

creationtimestamp| type| source ---|---|--- 2026-07-06 21:31:47+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpz22a66p72b...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6.4AI score0.00405EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 10:43 p.m.13 views

Malicious code in haproxy-config-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f86ffde45262c5d45a24458a85116ab5ca80451ce3d3159f9d7cad6599ad145 setup.py registers install, develop, and egginfo command hooks that run a routine which XOR-0x5A-decodes a list of attacker-controlled Cloudflare...

6.2AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 3:11 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References3
Krebs on Security
Krebs on Security
added 2026/07/02 7:27 p.m.14 views

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation FBI said today it worked with industry partners to seize hundreds of domains associated with NetNut , a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum TechnologiesNASDAQ: ALAR. The action comes roughly two weeks after...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/07/02 6:54 p.m.13 views

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group GTIG said this week it had reduced the network's pool of usable devices by...

6AI score
Exploits0
Rows per page
Query Builder