EUVD | added 5 days ago | 12 views

EUVD-2026-37516

Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication...

CVSS 9.3 | AI score 5.8 | EPSS 0.00324 | Exploits 0 | References 3

Vulnrichment | added last week | 5 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS's Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6 | AI score 6.1 | EPSS 0.00338 | Exploits 0 | References 2

EUVD | added last week | 6 views

EUVD-2026-39080

A flaw in AngularJS's Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6 | AI score 6.1 | EPSS 0.00338 | Exploits 0 | References 2

CVE | added 2026/06/24 5:33 a.m. | 12 views

CVE-2026-9172

WordPress plugin Devs Accounting – Simple Accounting and Invoicing Solution (versions up to 1.2.0) is vulnerable to unauthorized modification/deletion of data due to a missing capability check in delete_single_account(), with the REST route devs-accounting/v1/delete-account/(?P\d+) registered wit...

CVSS 5.3 | AI score 6 | EPSS 0.00227 | Exploits 0 | References 3

Positive Technologies | added 2026/06/24 12:00 a.m. | 7 views

PT-2026-52086

Affected software and versions: AngularJS 1.2.0-rc.3 and later. Description: A flaw in the Strict Contextual Escaping (SCE) logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

CVSS 7.6 | AI score 6 | EPSS 0.00338 | Exploits 0 | References 6

Patchstack | added 2026/06/23 4:39 p.m. | 5 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability

Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions <= 1.2.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00227 | Exploits 0 | References 1 | Affected Software 1

Patchstack | added 2026/06/23 4:39 p.m. | 4 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions <= 1.2.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00348 | Exploits 0 | References 1 | Affected Software 1

NVD | added 2026/06/17 1:20 p.m. | 7 views

CVE-2026-48797

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

CVSS 9.3 | EPSS 0.00324 | Exploits 0 | References 2

Positive Technologies | added 2026/06/16 12:00 a.m. | 13 views

PT-2026-50132

Affected software and versions: Backpropagate 1.1.0 through 1.1.1. Description: The optional Reflex web UI exposes a training control plane without authentication, despite the CLI flags --auth and --share suggesting that security controls are active. The Reflex backend...

CVSS 9.3 | AI score 6 | EPSS 0.00324 | Exploits 0 | References 8

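The two Backpropagate entries above describe the same failure mode: a flag such as --auth is accepted on the command line, but the control-plane routes (dataset upload, model load, training start/stop) never pass through an authentication check. The added example below is not Backpropagate's or Reflex's code; it is a constructed, framework-free sketch of what correct wiring looks like (the gate sits in the dispatch path of every sensitive route and is driven by the setting the flag sets), plus a self-test a deployer can run to confirm the flag is actually honoured. The route names, the Settings class and the bearer-token scheme are assumptions for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Settings:
    """Constructed stand-in for CLI option handling (not the real tool's)."""
    auth_required: bool          # what a flag such as --auth is expected to mean
    token: Optional[str] = None  # secret a client must present when auth_required is True


Request = Dict[str, str]   # {"path": ..., "authorization": ...}
Response = Tuple[int, str]


def authorize(settings: Settings, request: Request) -> Optional[Response]:
    """Gate for control-plane routes: an error response, or None to let the request through."""
    if not settings.auth_required:
        return None
    scheme, _, presented = request.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented or settings.token is None:
        return (401, "authentication required")
    # constant-time comparison so a token cannot be guessed byte by byte via timing
    if not hmac.compare_digest(presented.encode(), settings.token.encode()):
        return (401, "invalid token")
    return None


# Hypothetical control-plane actions; the real UI's route names are not reproduced here.
CONTROL_PLANE: Dict[str, Callable[[], Response]] = {
    "/train/start": lambda: (200, "training started"),
    "/model/load": lambda: (200, "model loaded"),
    "/dataset/upload": lambda: (200, "dataset stored"),
}


def dispatch(settings: Settings, request: Request) -> Response:
    """Every sensitive route goes through authorize() before its handler runs."""
    handler = CONTROL_PLANE.get(request["path"])
    if handler is None:
        return (404, "not found")
    denied = authorize(settings, request)
    if denied is not None:
        return denied
    return handler()


def check_flag_is_enforced(settings: Settings) -> bool:
    """Deployment self-test: with auth on, an anonymous control-plane call must be refused."""
    status, _ = dispatch(settings, {"path": "/train/start"})
    return (not settings.auth_required) or status == 401


if __name__ == "__main__":
    locked = Settings(auth_required=True, token="t0k3n")
    print(dispatch(locked, {"path": "/train/start"}))
    print(dispatch(locked, {"path": "/train/start", "authorization": "Bearer t0k3n"}))
    print("flag enforced:", check_flag_is_enforced(locked))
```

The self-test is the part worth keeping around: run it (or its HTTP equivalent, an unauthenticated request to a training endpoint) against a freshly started instance with --auth set, and treat anything other than a 401 as the bug this advisory describes. Note also that --share style tunnels expose the control plane to the internet, so a missing gate there is reachable by anyone.
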
CVE | added 2026/06/15 8:18 p.m. | 6 views

CVE-2026-39519

CVE-2026-39519 affects the WordPress plugin GeekyBot (versions <= 1.2.0). The vulnerability is an unauthenticated SQL Injection in GeekyBot.

CVSS 9.3 | AI score 5.7 | EPSS 0.00283 | Exploits 0 | References 1

IBM Security Bulletins | added 2026/06/12 7:00 p.m. | 6 views

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary: Langflow OSS 1.2.0 - 1.8.4 is affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

CVSS 6.5 | AI score 5.5 | EPSS 0.00275 | Exploits 0 | Affected Software 1

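The Langflow bulletin above turns on one detail: the server took the `filename` parameter of the multipart Content-Disposition header as sent by the client and used it in a path. The added example below is not Langflow's code; it is a constructed Python routine showing how to parse that header with the standard library and reduce the client-chosen name to a single safe path component before it is joined to the upload directory. The rejection rules (no directory part, no hidden files, restricted character set, length cap) are this example's own policy, not the project's.

```python
import os
import re
from email.message import Message
from typing import Optional

# Anything outside this set is replaced; keeps names shell- and filesystem-neutral.
SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def filename_from_content_disposition(header_value: str) -> Optional[str]:
    """Parse the filename (or RFC 5987 filename*) parameter exactly as the client sent it."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()  # None when the header carries no filename at all


def safe_upload_name(header_value: str) -> Optional[str]:
    """Reduce a client-chosen filename to one safe path component; None means reject the upload."""
    name = filename_from_content_disposition(header_value)
    if name is None or "\x00" in name:
        return None
    # Drop any directory part, treating backslashes as separators as well (Windows clients).
    name = os.path.basename(name.replace("\\", "/"))
    # No hidden files; this also collapses "." and ".." to the empty string.
    name = name.lstrip(".")
    name = SAFE_CHARS.sub("_", name)[:255]
    return name or None


def upload_destination(upload_dir: str, header_value: str) -> Optional[str]:
    """The only place the file may be written: directly inside upload_dir."""
    name = safe_upload_name(header_value)
    if name is None:
        return None
    return os.path.join(os.path.realpath(upload_dir), name)


if __name__ == "__main__":
    # Constructed header values, the kind an attacker's multipart body would carry.
    for cd in ('form-data; name="file"; filename="../../etc/cron.d/evil"',
               'form-data; name="file"; filename="..\\..\\boot.ini"',
               'form-data; name="file"; filename="../"',
               'form-data; name="file"; filename="report 2026.pdf"'):
        print(repr(cd), "->", safe_upload_name(cd))
```

Two points a reviewer would check on the real code: that the name is never used before `safe_upload_name` has run (the basename step alone defeats the `../` payload), and that the sanitized name is joined to the upload directory rather than to a caller-supplied base. Name collisions between users are a separate concern; prefixing a random identifier per upload handles it without relaxing any of the rules above.
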
RedhatCVE | added 2026/06/11 2:59 a.m. | 9 views

CVE-2026-44716

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVSS 7.5 | AI score 5.4 | EPSS 0.00423 | Exploits 1 | References 1

EUVD | added 2026/06/10 6:37 a.m. | 11 views

EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including version 1.9.0, when used in applications as a stub resolver over UDP, does not match the query's destination address and port against the response's source address and port. Furthermore, neither the query ID nor the question section of the query is matched with that of t...

CVSS 8.2 | AI score 5.4 | EPSS 0.00147 | Exploits 0 | References 1

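The ldns entry above lists exactly which checks a UDP stub resolver must apply before trusting a datagram: the response must come from the address and port the query was sent to, its ID must equal the query's ID, and its question section must repeat the query's name, type and class. The added example below is not ldns code (ldns is C); it is a constructed Python model of those checks, with a minimal DNS wire-format encoder and question parser so that legitimate and spoofed responses can be built inline and tested offline. The addresses and names are made up.

```python
import struct
from typing import Optional, Tuple

Addr = Tuple[str, int]  # (ip, port), the shape socket.recvfrom() returns


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qid: int, qname: str, qtype: int = 1, qclass: int = 1) -> bytes:
    # flags 0x0100: RD set, QR clear; one question, no other sections
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def build_response(qid: int, qname: str, ip: str = "192.0.2.10") -> bytes:
    """Constructed answer with one A record, as a real server or a spoofer might send it."""
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    # name pointer to offset 12 (the question name), type A, class IN, TTL 60, rdlength 4
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0) + question + rr


def parse_question(msg: bytes) -> Optional[Tuple[int, int, str, int, int]]:
    """Return (id, flags, qname, qtype, qclass) of a one-question message, or None if malformed."""
    if len(msg) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None
        n = msg[pos]
        if n == 0:
            pos += 1
            break
        # A compression pointer cannot appear in the question we sent, so refuse it.
        if n & 0xC0 or pos + 1 + n > len(msg):
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 4 > len(msg):
        return None
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return qid, flags, ".".join(labels), qtype, qclass


def response_matches(query: bytes, sent_to: Addr, response: bytes, received_from: Addr) -> bool:
    """The checks a UDP stub resolver should pass every datagram through before trusting it."""
    if received_from != sent_to:        # source address and port must equal the query's destination
        return False
    q, r = parse_question(query), parse_question(response)
    if q is None or r is None:
        return False
    if not (r[1] & 0x8000):             # QR bit: it must be a response, not an echoed query
        return False
    return q[0] == r[0] and q[2:] == r[2:]   # same ID, then same name/type/class in the question


if __name__ == "__main__":
    query, dest = build_query(0x1234, "example.com"), ("192.0.2.53", 53)
    print("genuine:", response_matches(query, dest, build_response(0x1234, "example.com"), dest))
    print("wrong id:", response_matches(query, dest, build_response(0x9999, "example.com"), dest))
    print("wrong port:", response_matches(query, dest, build_response(0x1234, "example.com"), ("192.0.2.53", 5353)))
```

Without the source check, a datagram from any host that can reach the client socket is accepted; without the ID and question checks, an attacker who can reach it has to guess nothing at all. Each check removes one class of off-path or on-path spoofing, and a resolver needs all three (plus a randomised source port and ID on the sending side) to make blind injection expensive.
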
NVD | added 2026/06/10 12:16 a.m. | 14 views

CVE-2026-44716

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVSS 7.5 | EPSS 0.00423 | Exploits 1 | References 4

Cvelist | added 2026/06/09 11:07 p.m. | 35 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVSS 7.5 | EPSS 0.00423 | Exploits 1 | References 4

EUVD | added 2026/06/09 11:07 p.m. | 13 views

EUVD-2026-35875

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

CVSS 7.5 | AI score 5.4 | EPSS 0.00423 | Exploits 1 | References 4

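The Cvelist title for CVE-2026-44716 names the mechanism: a `%2F`-encoded separator in a `/files` path segment, which a check that looks for a literal slash in the still-encoded value does not see. The added example below is not Pipecat's code and does not reproduce its runner; it is a constructed Python sketch of a weak check of that kind beside the hardened form (percent-decode, canonicalise with realpath, then confirm the result is still inside the served folder), with a small served folder and a sibling secret file built in a temporary directory so the two behaviours can be compared offline. The handler shape and file names are assumptions.

```python
import os
import tempfile
from typing import Optional, Tuple
from urllib.parse import unquote


def naive_is_safe(raw_segment: str) -> bool:
    """Hypothetical weak check: refuses a literal slash in the still-encoded segment only."""
    return "/" not in raw_segment


def resolve_in_folder(folder: str, raw_segment: str) -> Optional[str]:
    """Decode, canonicalise, then prove the target is inside `folder`; None means refuse."""
    decoded = unquote(raw_segment)            # "%2F" -> "/", "%2e%2e" -> "..", etc.
    if "\x00" in decoded:
        return None
    base = os.path.realpath(folder)
    # join() discards base if `decoded` is absolute; realpath() also follows symlinks,
    # so the containment test below sees the real final location either way.
    target = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def serve_file(folder: str, raw_segment: str) -> Tuple[int, bytes]:
    """Constructed stand-in for a /files/<name> handler (not the project's own)."""
    target = resolve_in_folder(folder, raw_segment)
    if target is None:
        return (403, b"outside served folder")
    if not os.path.isfile(target):
        return (404, b"no such file")
    with open(target, "rb") as fh:
        return (200, fh.read())


def demo() -> dict:
    """Build a served folder plus a secret next to it, then try an encoded escape both ways."""
    root = tempfile.mkdtemp()
    served = os.path.join(root, "served")
    os.mkdir(served)
    with open(os.path.join(served, "notes.txt"), "w") as fh:
        fh.write("hello")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("TOP SECRET")
    escape = "..%2Fsecret.txt"   # what the client actually sends on the wire
    return {
        "naive_passes_encoded_traversal": naive_is_safe(escape),
        "hardened_status_for_escape": serve_file(served, escape)[0],
        "legit_request": serve_file(served, "notes.txt"),
        "absolute_path_refused": resolve_in_folder(served, "%2Fetc%2Fpasswd") is None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The ordering matters: the containment test has to run on the fully decoded, canonicalised path, after every transformation the framework or the handler applies. Whether a given web framework hands you the segment decoded or raw depends on the framework and the route definition, which is why the hardened version does not try to guess and decodes explicitly.
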
NVD | added 2026/06/06 4:17 a.m. | 10 views

CVE-2026-8978

The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on t...

CVSS 4.9 | EPSS 0.00259 | Exploits 0 | References 5

CVE | added 2026/06/06 2:28 a.m. | 18 views

CVE-2026-8978

The CVE covers OptinCraft.

CVSS 4.9 | AI score 5.7 | EPSS 0.00259 | Exploits 0 | References 5

RedhatCVE | added 2026/06/05 7:38 p.m. | 8 views

CVE-2026-34233

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...

CVSS 6.5 | AI score 5.5 | EPSS 0.0028 | Exploits 0 | References 1

RedhatCVE | added 2026/06/05 7:21 p.m. | 9 views

CVE-2026-34241

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification payloads and later rendered...

CVSS 8.7 | AI score 5.7 | EPSS 0.00349 | Exploits 0 | References 1
