Lucene search
K

797 matches found

Nuclei
Nuclei
added 10 hours ago175 views

Docassemble - Local File Inclusion

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the mast...

7.5CVSS6.9AI score0.69486EPSS
Exploits2References3
Nuclei
Nuclei
added 10 hours ago116 views

Versa Concerto API Path Based - Authentication Bypass

Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It allowed unauthorized access to certain API endpoints by manipulating the URL path.This issue enabled attackers to bypass authentication controls and access restricted resources. id: CVE-2025-34027 info:...

10CVSS7.1AI score0.35993EPSS
Exploits0References4
CVE
CVE
added 12 hours ago11 views

CVE-2026-15525

CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...

6.5CVSS6.4AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/06 10:33 a.m.9 views

CVE-2026-58467

A flaw was found in Cockpit CMS. This vulnerability, a path traversal and local file inclusion, allows an unauthenticated attacker to read arbitrary files or execute PHP files. By manipulating the URL, an attacker can bypass security checks and access restricted directories. This could lead to...

8.2CVSS6.3AI score0.00406EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.13 views

PT-2026-55793

Name of the Vulnerable Software and Affected Versions AIAnytime Awesome-MCP-Server versions up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab Description A flaw in the mcp-wiki/wiki-summary component, specifically within the mcp-wiki/src/mcp wiki/server.py file, allows for server-side request forger...

6.5CVSS6.6AI score0.00231EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 4:16 p.m.14 views

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-12804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...

5.3CVSS5.3AI score0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.10 views

CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the application. A successful exploit could redirect authenticated users to malicious sites following login procedures or...

5.1CVSS0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 10:16 p.m.14 views

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5CVSS0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:30 p.m.7 views

CVE-2026-10771

A vulnerability was found in crmeb crmebjava 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request...

7.5CVSS6.8AI score0.00294EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:15 p.m.7 views

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/01 7:45 p.m.25 views

CVE-2026-10287

The vulnerability affects SourceCodester SEO Meta Tag Extractor 1.0, specifically the get_headers function in /index.php. The issue arises from manipulating the url parameter, enabling server-side request forgery (SSRF) that can be initiated remotely. Exploit details have been publicly disclosed....

7.5CVSS5.6AI score0.00294EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 7:45 p.m.13 views

EUVD-2026-33758

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function getheaders of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

7.5CVSS5.6AI score0.00294EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/29 10:34 p.m.2 views

Incorrect Authorization

Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the requireworkspacemember process. An attacker can gain unauthorized access to...

9.9CVSS5.8AI score0.00043EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 2:15 p.m.11 views

CVE-2026-9460

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

9CVSS7.9AI score0.00751EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 3:16 p.m.13 views

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

8.2CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 1:0 p.m.39 views

CVE-2026-9460 Edimax EW-7438RPn formAccept stack-based overflow

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

9CVSS0.00751EPSS
Exploits0References4
NVD
NVD
added 2026/05/25 8:16 a.m.25 views

CVE-2026-9440

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS0.01364EPSS
Exploits0References4
Rows per page
Query Builder