Lucene search
K

164408 matches found

NVD
NVD
added 1 hour ago3 views

CVE-2026-20153

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
CVE
CVE
added 2 hours ago71 views

CVE-2026-45793

CVE-2026-45793 affects Composer (PHP dependency manager). Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validated GitHub tokens with ^[.A-Za-z0-9_]+$ and interpolated rejected tokens into an UnexpectedValueException. GitHub Actions GITHUB_TOKEN values formatted as g...

7.5CVSS6.1AI score0.00079EPSS
Exploits0References9
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-45793 Composer: Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS0.00079EPSS
Exploits0References9
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
CVE
CVE
added 2 hours ago8 views

CVE-2026-20153

Technical details (affected products/versions, root cause, impact, fixes) are not provided in the supplied documents. Monitor Cisco Security Advisory and CVE entry for updates.

7.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 4 hours ago9 views

CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...

6.9CVSS0.00046EPSS
Exploits0References4
CVE
CVE
added 4 hours ago9 views

CVE-2026-47159

Vaultwarden (Rust) prior to 1.36.0 is affected by CVE-2026-47159, where the SSO discovery and pre-validation flow exposed organization-related SSO metadata, including organizationIdentifier values for arbitrary email addresses, and allowed obtaining a valid pre-validation JWT with only the discov...

6.9CVSS6.2AI score0.00046EPSS
Exploits0References4
CVE
CVE
added 6 hours ago6 views

CVE-2026-15779

Summary: CVE-2026-15779 concerns Samba’s pam_winbind when mkhomedir is enabled. pam_winbind chowns the target account’s home directory without validating that the path is not a critical system directory like “/”. On systems where / is a user home (a common default for system accounts), this can b...

6.1CVSS6.1AI score
Exploits0References5
NVD
NVD
added 6 hours ago6 views

CVE-2026-61451

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References2
NVD
NVD
added 6 hours ago2 views

CVE-2026-56349

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 7 hours ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References2
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-44648

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44643

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...

7.3CVSS6.6AI score
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44638

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 7 hours ago3 views

CVE-2026-56400 open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS
Exploits0References2
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-56349 n8n - Guardrail Node Bypass via Crafted Input

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS
Exploits0References2
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-44624

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 12 hours ago9 views

CVE-2026-14251

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score
Exploits0References3
Nuclei
Nuclei
added 14 hours ago36 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS7.1AI score0.01083EPSS
Exploits0References3
Rows per page
Query Builder