Lucene search
+L

4415 matches found

nuclei
nuclei
added 5 hours ago18 views

ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection

ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...

9.8CVSS7.3AI score0.11176EPSS
Exploits7References2
nuclei
nuclei
added 5 hours ago45 views

Joomla! Percha Categories Tree 0.6 - Local File Inclusion

A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2033 info: name:...

7.5CVSS6.2AI score0.15795EPSS
Exploits1References3
nuclei
nuclei
added yesterday90 views

NocoBase - SQL Injection

NocoBase versions prior to 2.0.39 contain a SQL injection vulnerability in the @nocobase/database package. The queryParentSQL function in eager-loading-tree.ts constructs a recursive CTE query by directly concatenating user-controlled primary key values into the SQL WHERE IN clause without...

8.8CVSS6.2AI score0.01875EPSS
Exploits1References2
ossf
ossf
added 4 days ago9 views

Malicious code in babel-preset-lib-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...

6.1AI score
Exploits0References5
nvd
nvd
added 5 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
ossf
ossf
added 6 days ago9 views

Malicious code in theta-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6967c021e95228b33b18be4489fea5d404720cbd21beb53dac8bf7ea4f4d54d1 [email protected] ships src/decrypt.js and src/providers/BaseProvider.js which together implement a hidden execution channel. On module load,...

6.2AI score
Exploits0References4
cve
cve
added 6 days ago8 views

CVE-2026-40009

CVE-2026-40009 describes an Authenticated user privilege escalation issue in Apache IoTDB (versions 2.0.8–before 2.0.10). The vulnerability arises from improper privilege management and access control, allowing an authenticated user to escalate to full tree-path access by renaming themselves to _...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References2
attackerkb
attackerkb
added 6 days ago9 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 6 days ago30 views

CVE-2026-40009 Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

0.00209EPSS
Exploits0References1
cve
cve
added 2026/07/08 7:36 a.m.13 views

CVE-2026-13129

CVE-2026-13129 affects Foxit PDF Editor/Reader (Annotation feature). The issue is a use-after-free in the handling of the PDF form field tree triggered by JavaScript during field traversal, which can leave the program with an invalid form object and lead to a crash, with potential remote code exe...

7.8CVSS6AI score0.00116EPSS
Exploits0References1Affected Software2
euvd
euvd
added 2026/07/08 7:36 a.m.9 views

EUVD-2026-42182

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/08 7:36 a.m.8 views

CVE-2026-13129

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
cvelist
cvelist
added 2026/07/08 7:36 a.m.38 views

CVE-2026-13129 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS0.00116EPSS
Exploits0References1
osv
osv
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22575-1 Security update for alloy

This update for alloy fixes the following issues: Update to version 1.17.0. Security issues fixed: - CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service bsc1267185. - CVE-2026-25681: golang.org/x/net/html: parsing...

10CVSS6.8AI score0.00533EPSS
Exploits5References37
osv
osv
added 2026/07/06 3:27 p.m.7 views

BIT-PYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.5AI score0.00136EPSS
Exploits0References9
osv
osv
added 2026/07/06 3:22 p.m.10 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
cve
cve
added 2026/07/03 6:11 a.m.29 views

CVE-2026-10536

CVE-2026-10536 describes a use-after-free in libcurl when an application builds an HTTP/2 stream-dependency tree with CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() and ends with curl_easy_cleanup(). During final cleanup libcurl may access/modify an internal structu...

9.8CVSS6AI score0.00891EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2026/07/01 2:16 p.m.5 views

CVE-2026-53341

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00156EPSS
Exploits0References4
osv
osv
added 2026/07/01 2:16 p.m.12 views

UBUNTU-CVE-2026-53338

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.7AI score0.00154EPSS
Exploits0References6
osv
osv
added 2026/07/01 1:32 p.m.3 views

CVE-2026-53338 net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

5.8AI score0.00154EPSS
Exploits0References6
Rows per page
Query Builder