Lucene search
K

3402 matches found

Nuclei
Nuclei
added 18 hours ago6 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.8AI score0.03816EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago22 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

8.8CVSS5.8AI score0.26409EPSS
Exploits2References3
Nuclei
Nuclei
added 18 hours ago34 views

WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting

The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping. id: CVE-2023-1119 info: name: WP-Optimize WordPress plugin 3.2.13 - Cross-Site...

6.1CVSS6.6AI score0.01099EPSS
Exploits2References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-40285

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

5.8AI score
Exploits0References2Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
NVD
NVD
added 2026/06/22 8:16 a.m.12 views

CVE-2025-66336

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymo...

8.1CVSS0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 7:38 a.m.10 views

EUVD-2026-38219

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:36 a.m.10 views

EUVD-2026-38217

Improper escaping of database table names in the CaptureChangeMySQL Processor included with Apache NiFi 1.2.0 through 2.9.0 allows for injecting SQL commands using crafted naming. Manual quoted boundaries added in Apache NiFi 1.8.0 narrowed the scope of potential injection options, but did not...

5.2CVSS5.9AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References10
CVE
CVE
added 2026/06/19 1:7 p.m.19 views

CVE-2026-39999

CVE-2026-39999 is an authentication bypass in Apache APISIX caused by misconfigurations in the jwt-auth plugin. Affected versions are 2.2 through 3.16.0; the issue allows bypassing authentication via spoofed tokens. The entry is resolved by upgrading to v3.17.0, which fixes the vulnerability. Rel...

9.1CVSS5.9AI score0.00386EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Apache2

A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, can lead to exposure of local content in the source code...

6.2CVSS6.3AI score0.00889EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1

A “use-after-free” vulnerability in the Linux kernel’s ipv4:igmp component can be exploited to achieve local privilege escalation. A race condition can also be exploited, causing a timer to be mistakenly registered on a RCU read-locked object that is then freed by another thread. We recommend...

7.8CVSS6.5AI score0.00371EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in libcommons-fileupload-java, tomcat9

The allocation of resources for multipart headers with insufficient limits enabled created a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to version 1...

7.5CVSS6.9AI score0.63258EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50895

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 3.8.0 through 3.16.0 Description Improper Validation of Integrity Check Value in the jwe-decrypt plugin under default configuration allows for authentication bypass. Recommendations Upgrade to version 3.17.0...

9.1CVSS5.9AI score0.00224EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/18 8:36 p.m.4 views

User Impersonation

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to User Impersonation via the allowFrom process. An attacker can gain unauthorized access to agent privileges intended for another Discord identity by exploiting mutable display name metadat...

8.6CVSS5.9AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 1:56 p.m.5 views

Incorrect Authorization

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Debian dsa-6349 : atril - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/...

8.4CVSS5.8AI score0.00529EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/17 6:20 p.m.8 views

Improper Certificate Validation

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...

7.4CVSS6.4AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:7 p.m.8 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via MultipartWriter.append or Payload.headers when attacker-controlled input is included in multipart or payload headers. An attacker can inject additional headers or alter the contents of a request by supplying...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3
Rows per page
Query Builder