Lucene search
+L

1780 matches found

nuclei
nuclei
added yesterday32 views

XiongMai uc-httpd 1.0.0 - Buffer Overflow

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. id: CVE-2018-10088 info: name: XiongMai uc-httpd 1.0.0 - Buffer Overflow author: 0xAkoko severity: critical description: | Buffer overflow in XiongMai uc-httpd 1.0....

10CVSS7.1AI score0.40386EPSS
Exploits8References4
cve
cve
added last week9 views

CVE-2026-40005

CVE-2026-40005 is a path traversal vulnerability in Apache IoTDB. The issue arises from improper limitation of a pathname to a restricted directory, allowing an attacker to write arbitrary files anywhere the IoTDB process has write permissions via an unsafe API. Affected versions are IoTDB 1.0.0 ...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2
nvd
nvd
added 2026/07/07 6:16 a.m.12 views

CVE-2026-57867

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS0.00342EPSS
Exploits0References2
nvd
nvd
added 2026/07/07 6:16 a.m.10 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
cve
cve
added 2026/07/07 5:34 a.m.15 views

CVE-2026-57871

CVE-2026-57871 describes a relative path traversal vulnerability in MicroRealEstate’s file upload functionality that could potentially overwrite system files. Affected software: MicroRealEstate up to version 1.0.0-alpha3 . Root cause: relative path traversal in the file upload process. Impact: po...

7.1CVSS6AI score0.00361EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 5:34 a.m.17 views

EUVD-2026-42008

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00361EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 5:24 a.m.30 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 5:18 a.m.6 views

EUVD-2026-42004

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS5.9AI score0.00215EPSS
Exploits0References2
euvd
euvd
added 2026/07/07 5:11 a.m.7 views

EUVD-2026-42003

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS6AI score0.00342EPSS
Exploits0References2
ossf
ossf
added 2026/07/05 3:29 p.m.13 views

Malicious code in wsh4-nmp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f4958e0d564fad3efe079f48b02579eb052190951bc2ce2bf3d8bc067575c36 package.json declares scripts.postinstall = 'node index.js'. On install, index.js unconditionally POSTs installer-identifying data — the absolute...

5.8AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/03 12:0 a.m.17 views

PT-2026-55525

Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0 Description An issue exists where the server fails to properly validate content returned to the Large Language Model LLM. This allows a remote attacker to perform an indirect prompt injection by...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References7
nvd
nvd
added 2026/07/02 12:17 p.m.10 views

CVE-2026-57748

Contributor Local File Inclusion in Shopify = 1.0.0 versions...

7.5CVSS0.00284EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-7803

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields...

9.8CVSS0.00357EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 7:14 p.m.49 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 7:11 p.m.46 views

CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest...

9.1CVSS0.00164EPSS
Exploits0References1
osv
osv
added 2026/06/30 1:36 p.m.5 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.9AI score0.00348EPSS
Exploits0References5
fedora
fedora
added 2026/06/27 1:12 a.m.7 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-11.fc44

NGINX module for Brotli compression...

9.2CVSS7AI score0.03552EPSS
Exploits4
nvd
nvd
added 2026/06/26 8:17 p.m.9 views

CVE-2026-55189

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

7.7CVSS0.00201EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 3:32 p.m.8 views

EUVD-2025-210350

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References3
ossf
ossf
added 2026/06/26 9:6 a.m.13 views

Malicious code in dtxtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de085e4b6d38025a5a0b959b19b1022deaa7525b427e66679b58b6892328297a package.json declares a postinstall lifecycle script that auto-executes on npm install. The hook performs a recursive filesystem search for database...

5.9AI score
Exploits0References2
Rows per page
Query Builder