58 matches found

ATTACKERKB
added 2026/05/28 4:19 p.m., 6 views

CVE-2026-9091

Casdoor versions 2.362.0 and earlier contain a logic flaw in the social‑login binding flow that allows users to bypass configured MFA requirements. The binding‑rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this pat...

5.9 AI score, 0.00037 EPSS
Exploits 0, References 2

NVD
added 2026/05/13 4:16 p.m., 4 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8 CVSS, 0.00029 EPSS
Exploits 0, References 4

vulnersOsv
added 2026/05/05 9:50 p.m., 3 views

org.webjars.npm:npmcli__agent (>=2.2.2 <=3.0.0), org.webjars.npm:pac-proxy-agent (=4.1.0) +6 more potentially affected by CVE-2026-42338 via org.webjars.npm:ip-address (>=5.8.9 <=9.0.5)

org.webjars.npm:ip-address MAVEN version =5.8.9, =2.2.2, =2.8.3, =5.0.0, =8.0.5 - org.webjars.npm:socks5-client =1.2.6 - org.webjars.npm:socks5-http-client =1.0.4 - org.webjars.npm:socks5-https-client =1.2.1 Source cves: CVE-2026-42338 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16636414...

6.1 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 1

Positive Technologies
added 2026/05/04 12:0 a.m., 6 views

PT-2026-37201

CVE-2026-42312 pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set config value API method @permissionPerms.SETTINGS in src/p… https://t.co/ADtnuQJj56...

6.8 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 1, References 11

CVE
added 2026/04/23 12:28 a.m., 18 views

CVE-2026-41196

Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...

10 CVSS, 6.2 AI score, 0.00091 EPSS
Exploits 0, References 2, Affected Software 1

IBM Security Bulletins
added 2026/04/22 4:28 p.m., 3 views

Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...

4.8 CVSS, 7.1 AI score, 0.00399 EPSS
Exploits 0, Affected Software 1

CVE
added 2026/03/25 4:14 p.m., 6 views

CVE-2026-25361

CVE-2026-25361 affects the WordPress plugin set described in the provided documents as a reflection-based cross-site scripting issue. The Initial Description states a Reflected XSS in magepeopleteam WpEvently mage-eventpress, impacting WpEvently versions from n/a through

7.1 CVSS, 5.8 AI score, 0.00045 EPSS
Exploits 0, References 1

Cvelist
added 2026/03/25 12:31 a.m., 16 views

CVE-2026-28816

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does not have permission...

0.00033 EPSS
Exploits 0, References 3

Circl
added 2026/03/24 3:17 a.m., 3 views

CVE-2026-4742

creationtimestamp | type | source
---|---|---
2026-03-24 03:17:30+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4742...

6.3 CVSS, 5.8 AI score, 0.00063 EPSS
Exploits 0, References 1

Circl
added 2026/03/22 3:0 a.m., 3 views

CVE-2026-32044

creationtimestamp | type | source
---|---|---
2026-03-22 03:00:05+00:00 | seen | https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j...

6.7 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 1

Cvelist
added 2026/03/20 2:48 a.m., 22 views

CVE-2026-32935 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack

phpseclib is a PHP secure communications library. Projects using versions 0.1.1 through 1.0.26, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode. This issue has been fixed in versions 1.0.27, 2.0.52 and 3.0.50...

8.2 CVSS, 0.00017 EPSS
Exploits 0, References 2

Circl
added 2026/03/12 11:10 p.m., 3 views

CVE-2026-3910

creationtimestamp | type | source
---|---|---
2026-03-12 23:10:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgvji6tzjd2u
2026-03-13 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0286/
2026-03-13 01:52:18+00:00 | seen | ...

8.8 CVSS, 7.4 AI score, 0.03241 EPSS
Exploits 0, References 31

vulnersOsv
added 2026/03/11 12:36 a.m., 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31901 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31901 Source advisory: OSV:GHSA-W54V-HF9P-8856...

6.3 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0

vulnersOsv
added 2026/02/25 9:54 p.m., 4 views

@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @aayshian/n8n-aisensy-ay19 (=0.0.1) +95 more potentially affected by CVE-2026-27498 via n8n-core (>=2.0.0 <=2.1.1)

n8n-core NPM version =2.0.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.3.6, =0.1.0, =1.0.0, =0.1.4, =0.1.0, =0.1.13 and more Source cves: CVE-2026-27498 Source advisory: SNYK:JS-N8NCORE-15357608...

9 CVSS, 5.4 AI score, 0.00594 EPSS
Exploits 0

NVD
added 2026/01/22 5:16 p.m., 1 views

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS. This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

6.5 CVSS, 0.00064 EPSS
Exploits 0, References 1

Cvelist
added 2026/01/17 2:22 a.m., 20 views

CVE-2025-14075 WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter

The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotelbookingfetchcustomerinfo' AJAX action to unauthenticated users without proper capability checks, relying only on a...

5.3 CVSS, 0.00073 EPSS
Exploits 0, References 5

Circl
added 2025/12/18 9:48 a.m., 2 views

CVE-2025-60064

creationtimestamp | type | source
---|---|---
2025-12-18 09:48:35+00:00 | seen | https://gist.github.com/Darkcrai86/8c4e548566ada935ff7b3f76a2e0b3f9...

8.1 CVSS, 4.8 AI score, 0.0011 EPSS
Exploits 0, References 1

OSV
added 2025/11/28 12:51 p.m., 2 views

OESA-2025-2754 containerd security update

containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...

7.8 CVSS, 6.4 AI score, 0.00007 EPSS
Exploits 1, References 3

OSV
added 2025/11/12 10:15 a.m., 1 views

CVE-2025-12382

Improper Limitation of a Pathname 'Path Traversal' vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code injection. This issue affects Algosec Firewall Analyzer: A33.0 up to build 320, A33.10 up to build...

8.8 CVSS, 5.9 AI score, 0.0011 EPSS
Exploits 0, References 1

Cvelist
added 2025/11/10 10:8 p.m., 7 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

7.5 CVSS, 0.00058 EPSS
Exploits 0, References 5