Lucene search
K

1773 matches found

Cvelist
Cvelist
added 2026/06/10 3:51 p.m.34 views

CVE-2026-46497 SSRF via sitemap-derived URLs in Crawlee for Python

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...

2.3CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 3:51 p.m.10 views

EUVD-2026-36067

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0...

2.3CVSS5.4AI score0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.10 views

CVE-2026-10024

The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.36 views

CVE-2026-10024 TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute

The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00228EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 a.m.24 views

CVE-2026-10024

CVE-2026-10024 affects the TinyMCE shortcode Addon for WordPress (versions

6.4CVSS5.7AI score0.00228EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:37 p.m.13 views

Security Bulletin: IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

Summary A Time-of-Check to Time-of-Use TOCTOU vulnerability in IBM Langflow Desktop's SSRF protection allows authenticated attackers to bypass internal network access restrictions using DNS rebinding attacks. The validateurlforssrf function validates URLs using socket.getaddrinfo, but...

5.4CVSS5.6AI score0.00138EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 2:31 a.m.12 views

Malicious code in zer0one-dnslog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 903c45d49e6716373a67196c41e8acfbf8afa3320a635380ffe3403e8f127605 The package is published as a 'simple date formatting utility' but ships a postinstall payload that, on npm install, runs a curl pipeline against clo...

5.6AI score
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.7 views

CVE-2026-5508

The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wowpress shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-46685

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...

6CVSS5.5AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.18 views

CVE-2026-7567

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybelogintemporaryuser function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...

9.8CVSS5.4AI score0.09246EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45042

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

8.8CVSS6AI score0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 4:52 p.m.10 views

CVE-2026-45291 Cloudburst Network erroneously handles invalid connections

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260418.124334-32 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a bug in Network to close the pare...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 4:51 p.m.12 views

EUVD-2026-34861

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/30 9:2 a.m.34 views

Malicious code in buffer-utilities (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3cf478b4c7637e44008fcc4590911059673b2efa3b3e956676ca18e5462c3d5 buffer-utilities impersonates the legitimate buffer package by Feross Aboukhadijeh, copying its name, email, homepage, and GitHub repo metadata, and...

5.6AI score
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.9 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the actor parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:26 p.m.11 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/28 7:16 p.m.22 views

CVE-2026-45044

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 6:35 p.m.14 views

EUVD-2026-32997

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 6:32 p.m.10 views

EUVD-2026-32995

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject...

7.1CVSS5.8AI score0.00207EPSS
Exploits0References1
Rows per page
Query Builder