Lucene search
K

147 matches found

EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-515 Ray Path Traversal vulnerability

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers response can be found here:...

9.3CVSS7AI score0.81512EPSS
Exploits22References7
CVE
CVE
added 2026/06/23 5:18 p.m.11 views

CVE-2026-49411

Summary (technical, grounded): CVE-2026-49411 affects Deno’s Node.js compatibility TCP path. Prior to v2.8.0, permission checks for deny-net were performed on the original hostname string before DNS resolution and not re-checked after resolution. This allowed a numeric IP alias (for example 21307...

6.5CVSS5.8AI score0.00111EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS5.5AI score0.00286EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 4:20 a.m.10 views

CVE-2026-50219

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,...

4.9CVSS5.8AI score0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 6:3 p.m.12 views

EUVD-2026-33410

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:35 p.m.10 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/22 7:50 a.m.8 views

CVE-2026-7636 Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) Information Disclosure via REST API Endpoint

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/22 7:50 a.m.12 views

EUVD-2026-31416

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

4.3CVSS5.8AI score0.00236EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine when using Ansible Vault to edit encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secrets. This occurs because the secrets are created in a temporary file using mkstemp, and after the fil...

4.7CVSS6.6AI score0.00374EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 11:17 p.m.18 views

CVE-2026-34970

Summary: CVE-2026-34970 affects MantisBT, where versions 2.28.1 and earlier allow a bugnote author to view the Revisions page of a private issue after losing access to that issue. This undermines confidentiality by exposing private issue metadata on the Revisions page. Root cause (as described): ...

5.3CVSS5.7AI score0.00372EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/14 7:47 p.m.18 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.6 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

10CVSS6AI score0.01815EPSS
Exploits12References10
Patchstack
Patchstack
added 2026/05/01 9:14 a.m.8 views

WordPress XT Floating Cart for WooCommerce plugin <= 2.8.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Floating Cart for WooCommerce versions = 2.8.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Metasploit
Metasploit
added 2026/04/17 7:1 p.m.408 views

Camaleon CMS Directory Traversal CVE-2024-46987

Exploits CVE-2024-46987, an authenticated directory traversal vulnerability in Camaleon CMS versions use auxiliary/gather/camaleondownloadprivatefile msf auxiliarycamaleondownloadprivatefile show actions ...actions... msf auxiliarycamaleondownloadprivatefile set ACTION msf...

7.7CVSS5.9AI score0.1456EPSS
Exploits11
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:3 a.m.3 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS5.9AI score0.00222EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/14 12:22 a.m.11 views

EUVD-2026-22182

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:22 a.m.4 views

CVE-2026-39422 MaxKB has Stored XSS via ChatHeadersMiddleware

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/accesstoken, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32576

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface /ui/chat/access token, the...

6.9CVSS6AI score0.00216EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.3 views

PT-2026-32564

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

9.8CVSS6AI score0.00427EPSS
Exploits1References4
Rows per page
Query Builder