
759 matches found

Nuclei
•added 14 hours ago•10 views

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

CVSS 9.4 • AI score 7.4 • EPSS 0.12527
Exploits 0 • References 5
Cvelist
•added 2026/06/22 4:46 p.m.•31 views

CVE-2026-54283 Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVSS 7.5 • EPSS 0.00275
Exploits 0 • References 1
ATTACKERKB
•added 2026/06/22 4:46 p.m.•4 views

CVE-2026-54283

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

CVSS 7.5 • AI score 5.9 • EPSS 0.00275
Exploits 0 • References 2 • Affected Software 1
NVD
•added 2026/06/17 2:17 p.m.•8 views

CVE-2025-69175

Unauthenticated Local File Inclusion in Line Agency = 1.3.1 versions...

CVSS 8.1 • EPSS 0.00348
Exploits 0 • References 1
CVE
•added 2026/06/16 8:57 p.m.•9 views

CVE-2026-39580

The CVE-2026-39580 entry covers an Unauthenticated PHP Object Injection in the WordPress theme Micdrop versions up to 1.3.1. The affected component is the Micdrop WordPress theme; the root cause is a PHP Object Injection vulnerability in versions

CVSS 8.1 • AI score 5.3 • EPSS 0.0025
Exploits 0 • References 1
Positive Technologies
•added 2026/06/16 12:0 a.m.•10 views

PT-2026-50108

Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...

CVSS 8.1 • AI score 5.4 • EPSS 0.0025
Exploits 0 • References 2
Snyk
•added 2026/06/15 8:39 p.m.•11 views

Allocation of Resources Without Limits or Throttling

Overview: starlette is the little ASGI library that shines. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via request.form. An attacker can exhaust system resources and disrupt service availability by submitting a specially crafted...

CVSS 8.7 • AI score 5.9 • EPSS 0.00275
Exploits 0 • References 2
Patchstack
•added 2026/06/15 8:13 p.m.•4 views

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.1...

CVSS 8.2 • AI score 5.8 • EPSS 0.00228
Exploits 0 • References 2 • Affected Software 1
CVE
•added 2026/06/10 3:42 p.m.•25 views

CVE-2026-46558

Plane is an open-source project management tool. The CVE-2026-46558 issue exists in versions prior to 1.3.1 and is a cross-workspace asset authorization bypass that allowed any authenticated user to read, copy, delete, and overwrite assets in other Plane workspaces. This indicates a loss of acces...

CVSS 8.3 • AI score 5.4 • EPSS 0.0028
Exploits 3 • References 2 • Affected Software 1
EUVD
•added 2026/06/10 3:42 p.m.•12 views

EUVD-2026-36066

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

CVSS 8.3 • AI score 5.4 • EPSS 0.0028
Exploits 3 • References 2
Cvelist
•added 2026/06/10 3:42 p.m.•32 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

CVSS 8.3 • EPSS 0.0028
Exploits 3 • References 2
Vulnrichment
•added 2026/06/10 3:42 p.m.•8 views

CVE-2026-46558 Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1...

CVSS 8.3 • AI score 5.4 • EPSS 0.0028
Exploits 3 • References 2
Positive Technologies
•added 2026/06/10 12:0 a.m.•16 views

PT-2026-48461

🚨 CVE-2026-46558 Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass that lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces. This issue has been patched in version 1.3.1. @cveNotify...

CVSS 8.3 • AI score 5.2 • EPSS 0.0028
Exploits 3 • References 4
Packet Storm
•added 2026/06/09 12:0 a.m.•69 views

Quick Playground for WordPress 1.3.1 Shell Upload

Proof of concept remote shell upload exploit for Quick Playground for WordPress plugin versions 1.3.1 and below. Title: Quick Playground for WordPress 1.3.1 -...

CVSS 9.8 • AI score 5.5 • EPSS 0.03092
Exploits 3
RedhatCVE
•added 2026/06/05 7:27 p.m.•8 views

CVE-2026-40102

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVSS 6.5 • AI score 5.4 • EPSS 0.00295
Exploits 1 • References 1
RedhatCVE
•added 2026/06/05 7:12 p.m.•9 views

CVE-2026-39555

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

CVSS 8.1 • AI score 5.4 • EPSS 0.00255
Exploits 0 • References 1
Fedora
•added 2026/06/05 4:27 a.m.•19 views

[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44

Command-line frontends for Sequoia...

AI score 5.8
Exploits 0
Cvelist
•added 2026/06/04 12:0 a.m.•38 views

CVE-2026-38570

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

EPSS 0.00278
Exploits 0 • References 2
EUVD
•added 2026/06/04 12:0 a.m.•9 views

EUVD-2026-34310

bacnetstack 1.3.1 contains an Out-of-bounds Read in bacnettagnumberdecode which allows attackers to cause a denial of service...

AI score 5.8 • EPSS 0.00278
Exploits 0 • References 2
CNNVD
•added 2026/06/04 12:0 a.m.•8 views

BACnet Stack Security Vulnerability

BACnet Stack is an open-source protocol stack for BACnet, suitable for embedded systems, Linux, MacOS, BSD, and Windows. Version 1.3.1 of BACnet Stack contains a security vulnerability; this vulnerability stems from an out-of-bound read operation in bacnettagnumberdecode, which may lead to...

CVSS 7.5 • AI score 5.3 • EPSS 0.00278
Exploits 0 • References 2