Lucene search
K

530 matches found

Cvelist
Cvelist
added 2026/06/28 9:45 p.m.32 views

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization

A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...

6.5CVSS0.00165EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51020

Name of the Vulnerable Software and Affected Versions Mercator versions prior to 2025.05.19 Description The Query Engine allows authenticated users to execute queries via a JSON DSL Domain Specific Language, which is a specialized language used to define data queries. The controller method...

7.1CVSS5.9AI score0.00281EPSS
Exploits0References7
Oracle linux
Oracle linux
added 2026/06/18 12:0 a.m.7 views

openssl security update

1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing...

8.8CVSS5.8AI score0.05582EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.22 views

PT-2026-45802

NamelessMC is website software for Minecraft servers. In version 2.2.4,core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. modules/Core/queries/reactions.php allows unauthenticated GET requests for...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

The matching of hosts against proxy patterns may improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to “.example.com”, a request to “::1%25.example.com:80” will be incorrectly matched and not be proxied...

4.4CVSS6.7AI score0.00384EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/11 4:50 p.m.10 views

CVE-2026-34094 Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...

2CVSS5.8AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 12:0 a.m.16 views

CVE-2026-31171

CVE-2026-31171 affects ToToLink A3300R firmware v17.0.0cu.557_B20221024. The issue allows an attacker to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi, as described in multiple sources (EUVD/NVD/CVE listings). The root cause and exact vulnerable component are described ...

6.5CVSS6.1AI score0.00279EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-31933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting...

7.5CVSS7AI score0.00351EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-20915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject...

8.5CVSS5.9AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.29 views

CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...

8.1CVSS0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/22 12:0 a.m.8 views

PT-2026-26962

Name of the Vulnerable Software and Affected Versions SOGo versions prior to 5.12.5 Description SOGo does not properly renew One-Time Passwords OTPs when a user disables and re-enables them. Additionally, the generated OTPs have a length of only 12 digits, which is shorter than the recommended 20...

2.6CVSS6AI score0.00135EPSS
Exploits0References23
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.12 views

Quill 安全漏洞

Quill is an open-source application developed by Quill. It provides an application editor function. Versions of Quill prior to 0.7.1 contained security vulnerabilities. These vulnerabilities stemmed from unlimited memory allocation during the parsing of Mach-O binary files, which could lead to...

5.5CVSS7.3AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:40 p.m.5 views

EUVD-2026-9075

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components e.g. gr.LoginButton are used. When a user visi...

6AI score0.00453EPSS
Exploits1References1
OSV
OSV
added 2026/02/17 9:31 p.m.4 views

GHSA-FPJ8-GQ4V-P354 Apache Tomcat - Client certificate verification bypass

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1CVSS6AI score0.00235EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/01/26 5:39 p.m.3 views

CVE-2026-24430 Tenda W30E V2 HTTP Responses Expose Plaintext Credentials

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 12:0 a.m.3 views

CVE-2025-56005

An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...

9.8CVSS9.2AI score0.16903EPSS
Exploits3References5
OSV
OSV
added 2026/01/15 10:14 a.m.7 views

USN-7916-2 python-apt regression

USN-7916-1 fixed a vulnerability in python-apt. The update had a PEP 440 incompatible version. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Julian Andres Klode discovered that python-apt incorrectly handled deb822 configuration files. An attacker...

6.9CVSS5.8AI score0.00127EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.11 views

CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

9.8CVSS6.8AI score0.02032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:14 a.m.8 views

CVE-2016-10889

The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name...

9.8CVSS8.1AI score0.01815EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.7 views

CVE-2016-10790

cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net SEC-192...

7.5CVSS7AI score0.01111EPSS
Exploits0References1
Rows per page
Query Builder