Lucene search
K

1630 matches found

NVD
NVD
added yesterday9 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
Nuclei
Nuclei
added yesterday36 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.7AI score0.01872EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.93 security and extras update

Red Hat OpenShift Container Platform release 4.12.93 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

8.7CVSS6AI score0.00656EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-48828

The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...

6.5CVSS6AI score0.00664EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42024

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago11 views

Debian dsa-6381 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6381 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6381-1 [email protected] https://www.debian.org/securit...

9.8CVSS6.8AI score0.00497EPSS
Exploits5References52
Tenable Nessus
Tenable Nessus
added 6 days ago11 views

Debian dsa-6377 : libapache2-mod-php8.4 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6377 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 6:0 a.m.10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.46 security and extras update

Red Hat OpenShift Container Platform release 4.18.46 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:39 p.m.5 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

5.7AI score0.00413EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 12:31 a.m.10 views

EUVD-2026-40011

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 12:16 a.m.10 views

CVE-2026-13514

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS0.00133EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.12 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.68 packages and security update

Red Hat OpenShift Container Platform release 4.13.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.01945EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/securit...

7.1CVSS6.3AI score0.0031EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in libhttp-daemon-perl

HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are vulnerable to a vulnerability that could potentially be exploited to gain privileged access to APIs or corrupt intermediate caches. It’s unclear how severe these risks are; most Perl-based applications are serv...

7.3CVSS6.5AI score0.02108EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a buffer overflow in the devredirprocclientdevlistannouncereq function. There are no known workarounds for this issue. Users are...

9.8CVSS7.2AI score0.00847EPSS
Exploits0References2
Debian
Debian
added 2026/06/19 8:43 a.m.8 views

[SECURITY] [DLA 4635-1] firefox-esr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4635-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 19, 2026 https://wiki.debian.org/LTS -...

9.6CVSS5.9AI score0.00476EPSS
Exploits0
OSV
OSV
added 2026/06/16 11:38 p.m.5 views

GHSA-4XPC-PV4P-PM3W LiteLLM: Authentication Bypass via Host Header Injection

Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...

9.5CVSS5.4AI score0.00559EPSS
Exploits1References3
OSV
OSV
added 2026/06/16 7:4 p.m.5 views

GHSA-83PC-3RW9-QPWJ Deno: WebSocket API sandbox bypass via missing post-DNS check

Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...

5.2CVSS5.5AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-50173

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An open source workflow automation platform contains an issue where a member-level user with editor access to a shared workflow can reference...

9.6CVSS5.9AI score0.00315EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/15 12:31 a.m.13 views

EUVD-2026-36666

A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...

9CVSS7.5AI score0.0194EPSS
Exploits0References7
Rows per page
Query Builder