Lucene search
K

13222 matches found

Nuclei
Nuclei
added 11 hours ago67 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

7.5CVSS7AI score0.43284EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago10 views

Hitachi Pentaho Business Analytics Server - Bypass Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...

9.8CVSS7.1AI score0.9767EPSS
Exploits7References3
EUVD
EUVD
added 18 hours ago4 views

EUVD-2026-43537

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 18 hours ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-62197

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday26 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-62197

CVE-2026-62197: OpenClaw before 2026.6.6 has a policy bypass in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that the OpenClaw policy should block when the affected feature is enabled. Affected product/version: OpenCla...

8.5CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score
Exploits0References5
Circl
Circl
added yesterday7 views

CVE-2026-49970

creationtimestamp| type| source ---|---|--- 2026-07-13 18:52:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkefsdmh627 2026-07-13 19:40:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqkh3wqres2s 2026-07-13 20:01:37+00:00| seen|...

8.8CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-15574

creationtimestamp| type| source ---|---|--- 2026-07-13 09:50:32+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjg4qea2f2i 2026-07-13 09:50:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjg4wv44l2k 2026-07-14 01:10:43+00:00| seen|...

7.5CVSS6.1AI score0.00259EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday279 views

ChatGPT个人专用版 - Server Side Request Forgery

A Server-Side Request Forgery SSRF in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. id: CVE-2024-27564 info: name: ChatGPT个人专用版 - Server Side Request Forgery author: DhiyaneshDK...

6.5CVSS7AI score0.40637EPSS
Exploits2References2
Circl
Circl
added yesterday5 views

CVE-2026-9492

creationtimestamp| type| source ---|---|--- 2026-07-13 04:30:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116910786151566204 2026-07-13 04:30:27+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqiuaepo5j2r 2026-07-13 05:00:25+00:00| seen|...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References8
NVD
NVD
added yesterday8 views

CVE-2026-15525

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS0.00214EPSS
Exploits0References8
EUVD
EUVD
added yesterday9 views

EUVD-2026-43267

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
CVE
CVE
added yesterday13 views

CVE-2026-15525

CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
Circl
Circl
added 3 days ago10 views

CVE-2026-15096

creationtimestamp| type| source ---|---|--- 2026-07-11 05:27:40+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mqdwiu3p3x2m 2026-07-11 05:27:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdwiu4qbf2d 2026-07-14 00:12:06+00:00| seen|...

6.4CVSS6.1AI score0.00193EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43138

The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.14.0 via the generatedocumentshortcode due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43135

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago11 views

Malicious code in auth-next-gen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe0926f0a2c1f47072efaac014be38bb00c8e9f31f59badf188b1ed74dd5c2ce On require of auth-next-gen, index.js loads lib/writer.js, which at module top level performs an axios GET against a base64-obfuscated URL...

6.5AI score
Exploits0References4
Circl
Circl
added 4 days ago8 views

CVE-2026-54000

creationtimestamp| type| source ---|---|--- 2026-07-10 22:30:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd767pejc2x 2026-07-10 23:32:21+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdcnj33hu22...

7CVSS6.1AI score0.00108EPSS
Exploits0References2
Rows per page
Query Builder