Lucene search
K

77 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-58499

EverOS is affected by a path-traversal vulnerability in the POST /api/v1/memory/add ingestion endpoint prior to version 1.0.1. The per-message sender_id was not validated as a path-safe identifier, unlike app_id/project_id, and is used as owner_id to build the filesystem path for persisting extra...

8.2CVSS6.1AI score0.00356EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:21 p.m.13 views

CVE-2026-57953

The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/22 1:43 p.m.10 views

CVE-2026-52908

A flaw was found in the Linux kernel. This vulnerability occurs during the re-registration of a Remote Direct Memory Access RDMA memory region. If the memory's access permissions are changed from read-only to read-write, the system may fail to properly update and secure the underlying user memory...

7.8CVSS5.6AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.41 views

CVE-2026-12045 pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00482EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.97 views

CVE-2026-12045

The CVE-2026-12045 affects pgAdmin 4 (from version 9.13 up to before 9.16) and concerns the AI Assistant read-only transaction bypass. A prompt-injection vulnerability allows an attacker who can influence content seen by the AI Assistant to craft LLM-generated SQL payloads that bypass the BEGIN T...

9.4CVSS7AI score0.00482EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/16 11:41 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the improper enforcement of access controls in the pull request creation and push authorization processes. An attacker can gain unauthorized write access to repositories by abusing the "Allow edits from...

8.5CVSS6.1AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 11:41 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the improper enforcement of access controls in the pull request creation and push authorization processes. An attacker can gain unauthorized write access to repositories by abusing the "Allow edits from...

8.5CVSS6.1AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 12:31 a.m.11 views

EUVD-2026-35844

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: net: skbuff: The SKBFLSHAREDFRAG bit was not properly propagated through the frag-transfer helpers. Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving...

8.8CVSS6.3AI score0.00135EPSS
Exploits7References3
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities. These vulnerabilities stem from competitive conditions in the geniezone mechanism, which lead to unauthorized writing operations. This can result in an...

6.4CVSS5.3AI score0.00078EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 12:29 p.m.6 views

SUSE-SU-2026:21851-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

9.8CVSS7AI score0.00498EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:35 a.m.13 views

luksmeta: Data corruption when handling LUKS1 partitions with luksmeta

A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the...

4.4CVSS5.7AI score0.00095EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

6.5CVSS5.8AI score0.01385EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/22 12:0 a.m.8 views

Oracle VM VirtualBox Core Component Memory Corruption Vulnerability

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

5CVSS7.9AI score0.00096EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...

5CVSS5.8AI score0.00096EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References1
Veracode
Veracode
added 2026/04/18 5:38 a.m.9 views

Authorization Bypass

mcp-neo4j-cypher is vulnerable to Authorization Bypass. The vulnerability is due to the readonly mode enforcement being bypassable using APOC CALL procedures, where unauthorized write operations or server-side request forgery can occur and attackers can exploit this to gain unauthorized access...

2.3CVSS5.3AI score0.00264EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/17 9:30 p.m.6 views

EUVD-2026-23518

Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 8:34 p.m.28 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Rows per page
Query Builder