Lucene search
K

5896 matches found

Cvelist
Cvelist
added 4 hours ago5 views

CVE-2026-59216 Open WebUI: Cross-user code-interpreter and tool execution via unvalidated Socket.IO event-caller session_id

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS
Exploits0References4
CVE
CVE
added 4 hours ago4 views

CVE-2026-59216

Open WebUI vulnerability CVE-2026-59216 affects the self-hosted Open WebUI platform. Before version 0.10.0, get_event_call could deliver execute:python and execute:tool Socket.IO events to a client-supplied session_id after only verifying the session was connected, enabling authenticated users wh...

7.7CVSS6AI score
Exploits0References4
Nuclei
Nuclei
added 18 hours ago27 views

LolLMS < 2.2.0 - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0. The /api/files/export-content endpoint processes Markdown image URLs by downloading them via downloadimagetotemp in backend/routers/files.py without any validation, allowing an unauthenticated...

7.5CVSS7.5AI score0.01765EPSS
Exploits1References3
Nuclei
Nuclei
added 18 hours ago76 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS7.2AI score0.142EPSS
Exploits3References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42298

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-59702

Summary: CVE-2026-59702 affects repomix. A server-side request forgery exists in POST /api/pack, where unauthenticated attackers can cause the server to fetch arbitrary URLs without proper validation. The endpoint accepts http://, https://, and file:// URLs and passes them to git clone, enabling ...

9.3CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday30 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS
Exploits0References4
NVD
NVD
added yesterday5 views

CVE-2026-57255

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42198

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42011

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
NVD
NVD
added 3 days ago6 views

CVE-2026-34153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS0.00403EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-34153

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS6.1AI score0.00403EPSS
Exploits0References4Affected Software1
OSV
OSV
added 3 days ago3 views

GHSA-V54H-CP2W-9X4G Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps

Summary coder open app opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the $SESSIONTOKEN placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Note: Practical exploitation requir...

7.7CVSS6.1AI score0.00399EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago9 views

CVE-2026-9182 Unvalidated File Upload vulnerability in ArcGIS Server.

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...

9.8CVSS6.1AI score0.00269EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-9182

CVE-2026-9182 affects ArcGIS Server with an unrestricted file upload vulnerability. An unauthenticated attacker could upload a crafted file to the vulnerable endpoint, potentially enabling arbitrary file upload. The provided sources describe the vulnerability consistently but do not specify affec...

9.8CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
NVD
NVD
added 3 days ago9 views

CVE-2026-4249

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-4249

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS6AI score0.00339EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-41871

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS6AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago8 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

6.1AI score0.00613EPSS
Exploits0References1
Rows per page
Query Builder