246 matches found

Cvelist
added 4 days ago | 33 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

CVSS 8.3 | EPSS 0.00339
Exploits: 0 | References: 3

CVE
added 4 days ago | 10 views

CVE-2026-57960

Hi.Events

CVSS 8.3 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

Cvelist
added last week | 29 views

CVE-2026-56026 WordPress utm.codes plugin <= 1.9.0 - Server Side Request Forgery (SSRF) vulnerability

Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions...

CVSS 6.4 | EPSS 0.0022
Exploits: 0 | References: 1

CVE
added 2026/06/23 4:29 p.m. | 17 views

CVE-2026-42867

CVE-2026-42867 – Langflow exposed path traversal via the Knowledge Bases API (POST /api/v1/knowledge_bases). The root cause is that user-supplied base names are concatenated into file paths without proper containment checks, allowing an authenticated attacker to create directories and write files...

CVSS 6.5 | AI score 5.9 | EPSS 0.00313
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/06/10 6:37 a.m. | 12 views

EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

CVSS 8.2 | AI score 5.4 | EPSS 0.00147
Exploits: 0 | References: 1

EUVD
added 2026/06/02 2:15 p.m. | 12 views

EUVD-2026-33940

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the END_HEADERS flag, the unparsed...

CVSS 8.2 | AI score 5.9 | EPSS 0.00384
Exploits: 0 | References: 4

Cvelist
added 2026/06/02 1:59 p.m. | 34 views

CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVSS 5.9 | EPSS 0.00136
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/02 1:59 p.m. | 8 views

CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVSS 5.9 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 1

EUVD
added 2026/06/02 1:59 p.m. | 9 views

EUVD-2026-33929

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVSS 5.9 | AI score 5.8 | EPSS 0.00136
Exploits: 0 | References: 1

CNNVD
added 2026/06/02 12:0 a.m. | 5 views

WordPress plugin Progress Planner cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.9 | AI score 5.1 | EPSS 0.00136
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/27 1:16 p.m. | 10 views

CVE-2026-7528 Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption...

CVSS 7.1 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/27 12:0 a.m. | 20 views

PT-2026-43985

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.0 Description Uncontrolled resource consumption may lead to a denial of service, a condition where a system becomes unavailable to its intended users. Recommendations At the moment, there is no...

CVSS 7.5 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 5

AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in python-py

A denial of service attack via regular expressions in the py.path.svnwc component of py also known as python-py in versions up to 1.9.0 could be exploited by attackers to trigger a compute-time denial of service attack by providing malicious input to the blame functionality...

CVSS 7.5 | AI score 6.8 | EPSS 0.04607
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/14 7:58 p.m. | 7 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 1

NVD
added 2026/05/12 10:16 p.m. | 24 views

CVE-2026-44304

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | EPSS 0.00179
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 9:28 p.m. | 16 views

CVE-2026-44305

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

CVSS 6.8 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/12 9:27 p.m. | 6 views

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 1

CVE
added 2026/05/12 9:27 p.m. | 18 views

CVE-2026-44304

Summary: Lemur’s LDAP authentication module (lemur/auth/ldap.py) constructs LDAP filters using unsanitized username input, enabling a post-authentication LDAP filter injection that can modify group membership queries and escalate privileges to administrator. This affects Lemur prior to version 1....

CVSS 8.1 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 9:27 p.m. | 41 views

CVE-2026-44304 Lemur: LDAP Filter Injection enables post-authentication privilege escalation

Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...

CVSS 8.1 | EPSS 0.00179
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 22 views

CVE-2026-42048

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API (DELETE /api/v1/knowledge_bases). This occurs because user-supplied knowledge base names are concatenated directly into file paths withou...

CVSS 9.6 | EPSS 0.04417
Exploits: 1 | References: 1