538 matches found

NVD
added 2026/05/08 4:16 a.m. | 38 views

CVE-2026-42273

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in Heimdall failing to match a rule for a request host...

CVSS 7.8 | EPSS 0.00301
Exploits 0 | References 4
GithubExploit
added 2026/05/07 4:35 p.m. | 120 views

Exploit for CVE-2026-7482

CVE-2026-7482: Ollama GGUF Heap OOB Read Reproduction. This re...

CVSS 9.1 | AI score 5.8 | EPSS 0.01001
Exploits 3
EUVD
added 2026/05/07 3:24 a.m. | 8 views

EUVD-2026-28294

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3 | AI score 5.7 | EPSS 0.00269
Exploits 0 | References 2
Patchstack
added 2026/05/05 12:26 a.m. | 9 views

NPM: Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking

Response Tampering, Data Exfiltration, and Request Hijacking vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

CVSS 7.4 | AI score 5.8 | EPSS 0.00838
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/05/05 12:00 a.m. | 8 views

PT-2026-36991

Name of the Vulnerable Software and Affected Versions: Apache Thrift versions prior to 0.23.0. Description: An issue exists involving memory allocation with an excessive size value. Recommendations: Upgrade to version 0.23.0...

CVSS 5.3 | AI score 5.8 | EPSS 0.00665
Exploits 0 | References 8
RedhatCVE
added 2026/05/04 8:21 p.m. | 9 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

CVSS 7.5 | AI score 6.8 | EPSS 0.00418
Exploits 0 | References 1
Vulnrichment
added 2026/05/04 5:44 p.m. | 5 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVSS 5.3 | AI score 5.7 | EPSS 0.00194
Exploits 0 | References 2
CNNVD
added 2026/05/04 12:00 a.m. | 9 views

MCP-RTFM Path Traversal Vulnerability

MCP-RTFM is an intelligent document generation and knowledge base construction tool developed by Ryan Joachim. Version 0.1.0 of MCP-RTFM contains a path traversal vulnerability. This vulnerability arises from the handling of the docFile parameter in the getdoccontent/readdoc/updatedoc functions...

CVSS 6.5 | AI score 6.6 | EPSS 0.00294
Exploits 0 | References 1
ATTACKERKB
added 2026/05/02 2:30 p.m. | 4 views

CVE-2026-7642

A vulnerability was detected in pskill9 website-downloader up to 0.1.0. This affects the function downloadwebsite of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection. The attack may be initiated remotely. Th...

CVSS 6.5 | AI score 6.4 | EPSS 0.0134
Exploits 0 | References 6 | Affected Software 1
CVE
added 2026/05/02 12:00 p.m. | 13 views

CVE-2026-7628

The CVE-2026-7628 affects crazyrabbitLTC mcp-code-review-server (up to version 0.1.0). The vulnerability is in RepoMix Command Handler's function executeRepomix (src/repomix.ts), where a manipulation yields command injection. Exploitation can be remote, and public exploit code is available. The i...

CVSS 6.5 | AI score 6.3 | EPSS 0.0111
Exploits 0 | References 7
Tenable Nessus
added 2026/05/01 12:00 a.m. | 6 views

Fedora 42 : pyp2spec (2026-91671b8061)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-91671b8061 advisory. Automatic update for pyp2spec-0.14.1-1.fc42. Changelog for pyp2spec: Tue Apr 21 2026 Packit - 0.14.1-1 - Update to 0.14.1 upstream release - Resolves:...

AI score 5.8
Exploits 0 | References 1
EUVD
added 2026/04/29 6:00 p.m. | 7 views

EUVD-2026-26273

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

CVSS 4.8 | AI score 4.7 | EPSS 0.00138
Exploits 0 | References 8
Positive Technologies
added 2026/04/29 12:00 a.m. | 26 views

PT-2026-37180

Name of the Vulnerable Software and Affected Versions: Icinga Web versions prior to 0.13.1. Description: An issue allows an attacker to inject malicious Javascript into a victim's browser to execute it within the context of Icinga Web. This occurs when a victim visits a specifically prepared website...

CVSS 7.6 | AI score 5.9 | EPSS 0.00259
Exploits 0 | References 10
Nvidia
added 2026/04/28 12:00 a.m. | 8 views

Security Bulletin: NVIDIA NemoClaw - April 2026

NVIDIA has released a software update for NVIDIA® NemoClaw. To protect your system, clone or update this software to v0.0.18 or later from NVIDIA/NemoClaw on GitHub. Go to NVIDIA Product Security. Details: The following table summarizes the potential vulnerabilities that this security update...

CVSS 8.6 | AI score 5.5 | EPSS 0.00395
Exploits 0 | Affected Software 1
RustSec
added 2026/04/27 12:00 p.m. | 11 views

AVX2 Implementation Did Not Fully Reduce Intermediate Values

The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact: We are not aware of inputs to the public key generation, signing or...

AI score 5.8
Exploits 0 | Affected Software 1
CVE
added 2026/04/24 1:46 a.m. | 32 views

CVE-2026-32952

CVE-2026-32952 affects the Go package go-ntlmssp. Before version 0.1.1, a malformed NTLM challenge message can trigger a slice-out-of-bounds panic in ntlmssp.Negotiator when used as an HTTP transport, potentially crashing the Go process. The issue is fixed in version 0.1.1. Affected components ar...

CVSS 7.5 | AI score 5.7 | EPSS 0.01027
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2026/04/23 12:00 a.m. | 9 views

VeRL Permission and Access Control Vulnerability

VeRL is an open-source reinforcement learning framework developed by ByteDance, aimed at optimizing large model training and inference processes. Versions of VeRL prior to 0.7.0 contained vulnerabilities related to permission and access control. These vulnerabilities stemmed from a...

CVSS 6.3 | AI score 6.2 | EPSS 0.00333
Exploits 0 | References 1
Positive Technologies
added 2026/04/20 12:00 a.m. | 8 views

PT-2026-33736

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

CVSS 7.5 | AI score 6.8 | EPSS 0.00336
Exploits 0 | References 5
Github Security Blog
added 2026/04/17 9:30 p.m. | 8 views

Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

Summary: The readonly mode in mcp-neo4j-cypher versions prior to 0.6.0 can be bypassed using CALL procedures. Details / Impact: The enforcing of readonly mode in vulnerable versions could be bypassed by certain APOC procedures. Patches: The v0.6.0 release hardened the checks around the mode. The only way ...

CVSS 2.3 | AI score 5.8 | EPSS 0.00264
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/04/17 6:36 p.m. | 5 views

MAL-2026-2851 Malicious code in @indriver-poc/whisperwind (npm)

--- -= Per source details. Do not edit below this line. =- Source: amazon-inspector 7543a4315d192afe241577899d5777567678b591c400103ba3da0dc46f1b1d55. The package @indriver-poc/whisperwind was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits 0