Lucene search
+L

2818 matches found

nuclei
nuclei
added yesterday32 views

Export WP Page to Static HTML <= 4.3.4 - Cookie Exposure

Export WP Page to Static HTML & PDF WordPress plugin = 4.3.4 contains a sensitive information exposure caused by publicly exposed cookies.txt files with authentication cookies, letting unauthenticated attackers access sensitive authentication data, exploit requires site administrator to trigger...

9.8CVSS6AI score0.01954EPSS
Exploits0References2
nuclei
nuclei
added yesterday15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
nvd
nvd
added 2 days ago3 views

CVE-2026-56353

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS0.00243EPSS
Exploits0References2
euvd
euvd
added 2 days ago4 views

EUVD-2026-44626

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS6.1AI score0.00243EPSS
Exploits0References2
cve
cve
added 2 days ago6 views

CVE-2026-56353

The CVE-2026-56353 issue affects n8n’s Chat Trigger node configured with n8n User Auth. Affected releases permit bypassing the authentication check on the Chat Trigger webhook endpoint, enabling access without valid credentials. Vulnerable versions include prior to 1.123.22, the 2.0.0–2.9.2 line,...

6.3CVSS6.1AI score0.00243EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2 days ago36 views

CVE-2026-56353 n8n - Authentication Bypass in Chat Trigger Node

n8n contains an authentication bypass in the Chat Trigger node when configured with n8n User Auth a non-default configuration. In affected releases — before 1.123.22, the 2.0.0 through 2.9.2 line, and 2.10.0 — the authentication check on the Chat Trigger webhook endpoint can be circumvented,...

6.3CVSS0.00243EPSS
Exploits0References2
euvd
euvd
added 2 days ago5 views

EUVD-2025-210468

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

7.5CVSS6AI score0.00393EPSS
Exploits0References3
nvd
nvd
added 3 days ago5 views

CVE-2025-56361

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip 1.3 thru 1.4, specifically within the Level Control cluster's server tick logic emberAfLevelControlClusterServerTickCallback. When a MoveToLevel command is executed and followed by a conflicting write to the OperationMod...

7.5CVSS0.00393EPSS
Exploits0References2
cve
cve
added 3 days ago9 views

CVE-2026-47475

Summary of CVE-2026-47475 (NVIDIA TensorRT-LLM) : A vulnerability in the OpenAI-compatible inference API could allow an attacker to trigger a reachable assertion in the sampler thread, potentially causing a denial of service. The issue is scoped to NVIDIA TensorRT-LLM, with local attack vector an...

6.2CVSS6.1AI score0.0012EPSS
Exploits0References2
cve
cve
added 3 days ago7 views

CVE-2025-56361

Summary: A reachable assertion vulnerability exists in the Matter SDK (connectedhomeip) 1.3–1.4 within the Level Control cluster server tick logic (emberAfLevelControlClusterServerTickCallback). If a MoveToLevel command is followed by a conflicting write to the OperationMode attribute in the Pump...

7.5CVSS6AI score0.00393EPSS
Exploits0References2
cve
cve
added 4 days ago20 views

CVE-2026-60103

Blender 3.0.0–5.1.2 contains an out-of-bounds read via a crafted .blend SDNA block. The signed short member_index is used as an array index into sdna-&gt;members[] in sdna_expand_names() without bounds checking, producing an invalid pointer that is then passed to strlen(), causing a SIGSEGV or un...

6.8CVSS6.1AI score0.00117EPSS
Exploits0References3
nvd
nvd
added last week9 views

CVE-2026-56335

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS0.00295EPSS
Exploits0References2
osv
osv
added last week4 views

CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References4
euvd
euvd
added last week10 views

EUVD-2026-42886

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS6.1AI score0.00295EPSS
Exploits0References2
cvelist
cvelist
added last week27 views

CVE-2026-56335 Capgo - Channel Configuration Mutation via Write-Scoped API Keys

Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys can directly mutate protected channel configuration fields through PostgREST by exploiting a null authentication check in the immutability trigger. Attackers with write API keys can modify sensitive...

7.1CVSS0.00295EPSS
Exploits0References2
nvd
nvd
added 2026/07/09 10:17 p.m.12 views

CVE-2026-57022

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When an affected device initiates a TCP...

8.2CVSS0.00405EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/09 6:0 a.m.35 views

CVE-2026-12270 Everest Forms < 3.5.0 - Unauthenticated Missing Authorization via Site Assistant REST Endpoints

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

0.00179EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 6:0 a.m.6 views

EUVD-2026-42511

The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several REST API endpoints belonging to its onboarding assistant: the capability check is only applied when an attacker-controllable request header holds a specific value, so it can be bypassed by omitting or...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
cve
cve
added 2026/07/09 6:0 a.m.9 views

CVE-2026-12270

The CVE concerns Everest Forms for WordPress prior to version 3.5.0. The vulnerability arises because access controls on several onboarding-assistant REST API endpoints are bypassable: the capability check only runs when a specific attacker‑controlled request header has a value, allowing unauthen...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
osv
osv
added 2026/07/09 12:0 a.m.3 views

MAL-2026-10074 Malicious code in testis-pack (npm)

The npm package testis-pack presents itself as a small binary packing/checksum utility pack/unpack/checksum/inspect but embeds an obfuscated dropper. It declares a preinstall: node index.js hook. The strings for the C2 host, path and dropped-binary name are not present in plaintext — they are...

6.5AI score
Exploits0References3
Rows per page
Query Builder