Lucene search
+L

233 matches found

NVD
NVD
added 7 hours ago4 views

CVE-2026-16017

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/toolcron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the...

6.5CVSS
Exploits0References6
CVE
CVE
added yesterday8 views

CVE-2026-13005

The CVE concerns the MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress. Affected: all versions up to 3.2.10. Vulnerability: Stored Cross-Site Scripting via the intro_message admin setting due to insufficient input sanitization and output escaping. Privileged context: aut...

4.4CVSS6.2AI score0.00207EPSS
Exploits0References6
NVD
NVD
added 2 days ago5 views

CVE-2026-45533

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of...

8.3CVSS0.00313EPSS
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-45417

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...

8.7CVSS0.00227EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2026-45320

DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...

8.7CVSS6.1AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:39 p.m.31 views

CVE-2026-50529 DataEase: Link Token Leakage Prior to Share Password/Ticket Validation

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS0.00285EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 10:17 a.m.5 views

PYSEC-2026-1029 TensorFlow vulnerable to floating point exception in `Conv2D`

Impact If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/02 6:0 a.m.42 views

CVE-2026-11781 Adminify < 4.2.10 - Contributor+ Sensitive Information Disclosure via Global Search AJAX

The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role Contributor to disclose non-public content that WordPress would not otherwise expose to them,...

0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:7 a.m.7 views

BIT-NIFI-2026-44913 Apache NiFi: Improper Escaping of Table Names in CaptureChangeMySQL

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

7.2CVSS5.9AI score0.00385EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 7:37 a.m.11 views

EUVD-2026-38218

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

2.3CVSS5.8AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:36 a.m.9 views

CVE-2026-44913

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

5.2CVSS5.9AI score0.00385EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/16 1:29 p.m.5 views

SUSE-SU-2026:2418-1 Security update for 389-ds

This update for 389-ds fixes the following issue Update to 2.2.10git229.1fa7ffdb4: - CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changelog: Issue 7503 - CVE-2026-9064 - Add a limit...

7.5CVSS5.3AI score0.00815EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 12:34 p.m.64 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS0.00198EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 12:34 p.m.2 views

CVE-2026-48998 guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing U...

5.3CVSS6AI score0.00198EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 12:24 p.m.12 views

CVE-2026-7486 SQLi in Netcad's E-İmar

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2...

9.8CVSS5.6AI score0.00275EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/08 5:43 p.m.16 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.3 security update

The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...

10CVSS6.4AI score0.01557EPSS
Exploits7References9
NVD
NVD
added 2026/06/02 4:16 p.m.66 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:30 p.m.12 views

CVE-2026-45080 Klaw: Improper Access Control Allows Disclosure of Password Hash

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 3:29 p.m.48 views

CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS0.00236EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:29 p.m.13 views

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

2.7CVSS5.7AI score0.00236EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder