Lucene search
K

160794 matches found

CVE
CVE
added 2 days ago6 views

CVE-2026-53653

Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-41129

API Platform Core vulnerable to cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate...

5.9CVSS6.1AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-59792

CVE-2026-59792 affects JetBrains IntelliJ IDEA prior to 2026.1.4, with a path-traversal weakness in project workspace ID handling that could enable code execution. The connected sources corroborate a 2026.2-era code execution claim tied to this path traversal issue. The available documents do not...

9.8CVSS6.4AI score0.00424EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2 days ago11 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
CVE
CVE
added 2 days ago6 views

CVE-2026-61444

PRAISONAi before 4.6.78 has a code‑injection vulnerability in deploy/api.py: the agents_file parameter is interpolated into an f-string without sanitization, allowing arbitrary Python code execution when the generated server code runs via subprocess.Popen(). Affected: PraisonAI

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42902

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago8 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.0056EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-42876

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
CVE
CVE
added 2 days ago6 views

CVE-2026-54470

Dell Unisphere for PowerMax, versions up to 10.3.0.5, are affected by an Improper Restriction of XML External Entity Reference. The issue targets the XML parser in a network-accessible context and could allow a low-privileged, remote attacker to gain unauthorized access to sensitive data. The CVS...

5.3CVSS6.1AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-42869

Dell PowerFlex Manager, Version prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

7.7CVSS6.1AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
NVD
NVD
added 2 days ago8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

8.7CVSS6.1AI score0.01228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-42853

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-41876

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score0.01228EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-40005

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

9.1CVSS0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42838

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder