
548 matches found

CVE
added 3 days ago | 11 views

CVE-2026-57763

CVE-2026-57763 affects the WordPress Structured Content plugin (versions ≤ 1.7.0). The description notes a Contributor Cross Site Scripting (XSS) vulnerability; the provided documents do not specify the exact root cause, impacted file(s), or remediation steps.

CVSS 6.5 | AI score 5.8 | EPSS 0.00139
Exploits: 0 | References: 1
NVD
added 2026/06/23 5:17 p.m. | 10 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

CVSS 6.1 | EPSS 0.00152
Exploits: 1 | References: 3
Cvelist
added 2026/06/23 4:27 p.m. | 37 views

CVE-2026-55423 Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

CVSS 6.1 | EPSS 0.00152
Exploits: 1 | References: 3
Github Security Blog
added 2026/06/19 9:17 p.m. | 9 views

Langflow: Logout button does not clear session

Summary: The logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. Details: Not in auto login mode. Hosted on localhost. accesstokenlf remains present in both Local Storage and Cookies. refreshtokenlf remains present in Cookies. Root...

CVSS 6.1 | AI score 5.9 | EPSS 0.00152
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/06/19 2:16 p.m. | 28 views

CVE-2016-20089 Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

CVSS 8.5 | EPSS 0.00122
Exploits: 0 | References: 4
EUVD
added 2026/06/19 2:16 p.m. | 6 views

EUVD-2016-10902

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be...

CVSS 8.5 | AI score 6.2 | EPSS 0.00122
Exploits: 0 | References: 4
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in hunspell

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx...

CVSS 6.5 | AI score 5.7 | EPSS 0.01656
Exploits: 1 | References: 1
Positive Technologies
added 2026/06/19 12:0 a.m. | 13 views

PT-2026-51100

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.0. Description: The logout button fails to clear the user session, allowing a previous user to remain logged in unless another user explicitly authenticates. This occurs because the '/logout' endpoint deletes...

CVSS 6.1 | AI score 5.9 | EPSS 0.00152
Exploits: 1 | References: 10
ATTACKERKB
added 2026/06/18 9:19 p.m. | 8 views

CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

CVSS 5.1 | AI score 5.2 | EPSS 0.0017
Exploits: 0 | References: 2
Cvelist
added 2026/06/16 8:57 p.m. | 22 views

CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

CVSS 8.1 | EPSS 0.00308
Exploits: 0 | References: 1
NVD
added 2026/06/10 8:17 p.m. | 11 views

CVE-2026-46683

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

CVSS 6.9 | EPSS 0.00249
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/10 7:53 p.m. | 7 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

CVSS 6.9 | AI score 5.3 | EPSS 0.00249
Exploits: 0 | References: 2
Cvelist
added 2026/06/10 7:53 p.m. | 28 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

CVSS 6.9 | EPSS 0.00249
Exploits: 0 | References: 2
NVD
added 2026/06/10 4:17 p.m. | 10 views

CVE-2026-46497

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...

CVSS 2.3 | EPSS 0.00286
Exploits: 0 | References: 2
EUVD
added 2026/06/10 3:51 p.m. | 9 views

EUVD-2026-36067

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...

CVSS 2.3 | AI score 5.4 | EPSS 0.00286
Exploits: 0 | References: 2
vulnersOsv
added 2026/06/08 5:52 p.m. | 7 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

CVSS 5.4 | AI score 5.5 | EPSS 0.0016
Exploits: 1
EUVD
added 2026/06/08 2:1 p.m. | 11 views

EUVD-2026-35071

QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed JavaScript event handlers such as onload within SVG files uploaded throu...

CVSS 4.8 | AI score 5.5 | EPSS 0.0023
Exploits: 0 | References: 2
CNNVD
added 2026/06/08 12:0 a.m. | 10 views

QloApps Cross-Site Scripting Vulnerability

QloApps is an open-source hotel management and reservation system developed by QloApps. Versions of QloApps 1.7.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting vulnerability in the administrator’s file manager. It...

CVSS 4.8 | AI score 5.3 | EPSS 0.0023
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/06 6:43 p.m. | 11 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

CVSS 8 | AI score 5.5 | EPSS 0.00168
Exploits: 1 | References: 1
RedhatCVE
added 2026/06/05 7:40 p.m. | 8 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5 | AI score 5.6 | EPSS 0.00211
Exploits: 0 | References: 1