Lucene search
K

149 matches found

Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-59223 Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS0.00223EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

UBUNTU-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38655

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:34 p.m.12 views

EUVD-2026-36051

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.15 views

OWASP FinBot CTF 0.2

FinBot is an Agentic AI security CTF platform from OWASP. Interact with AI agents, exploit real vulnerabilities, and learn to secure agentic systems. All from your browser...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/27 4:31 p.m.3 views

CVE-2026-42328 go-ipld-prime: DAG-CBOR and DAG-JSON decoders unbounded recursion depth

go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Prior to 0.23.0, the DAG-CBOR and DAG-JSON decoders recurse on each nested map or list...

6.2CVSS6AI score0.0012EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43499

Name of the Vulnerable Software and Affected Versions My Email Shortcode versions prior to 0.92 Description The plugin is subject to Stored Cross-Site Scripting, a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and outp...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
NVD
NVD
added 2026/05/25 9:16 p.m.20 views

CVE-2026-9503

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

4.8CVSS0.00143EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Thunderbird

Ribose RNP before version 0.16.3 may hang when the input is malformed...

5.3CVSS5.5AI score0.00901EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...

5.5CVSS6.3AI score0.01109EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 a.m.12 views

CVE-2026-45675

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU Time-of-Check-Time-of-Use pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line...

8.1CVSS5.9AI score0.00354EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/18 6:34 a.m.15 views

EUVD-2026-30739

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the setadd method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue...

5.8AI score0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 5:44 p.m.6 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

5.3CVSS5.7AI score0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 2:30 p.m.4 views

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.0134EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/02 12:0 p.m.14 views

CVE-2026-7628

The CVE-2026-7628 affects crazyrabbitLTC mcp-code-review-server (up to version 0.1.0). The vulnerability is in RepoMix Command Handler’s function executeRepomix (src/repomix.ts), where a manipulation yields command injection. Exploitation can be remote, and public exploit code is available. The i...

6.5CVSS6.3AI score0.0111EPSS
Exploits0References7
OSV
OSV
added 2026/04/17 1:3 p.m.5 views

OESA-2026-1984 avahi security update

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...

5.5CVSS5.7AI score0.00203EPSS
Exploits1References2
NVD
NVD
added 2026/04/15 9:16 a.m.4 views

CVE-2026-4011

The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the pc shortcode in all versions up to, and including, 0.1.0. This is due to insufficient input sanitization and output escaping on the 'id' shortcode attribute. Specifically, in the...

6.4CVSS0.00265EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-34441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling...

6.5CVSS6.4AI score0.00196EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3331 Lobot Slider Administrator <= 0.6.0 - Cross-Site Request Forgery to Settings Update

The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 2:16 a.m.9 views

CVE-2026-3257

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow...

9.8CVSS0.00408EPSS
Exploits0References3
Rows per page
Query Builder