Lucene search
K

13435 matches found

OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2021-23337 CVE-2021-23337 in @rootio/lodash.template - Patched by Root

Root has patched CVE-2021-23337 in the @rootio/lodash.template package for Root:npm. Multiple fixed versions available...

7.2CVSS5.4AI score0.2241EPSS
Exploits3
Nuclei
Nuclei
added yesterday17 views

Scoold < 1.64.0 - Authentication Bypass

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

8.7CVSS6AI score0.01008EPSS
Exploits0References3
NVD
NVD
added 4 days ago4 views

CVE-2026-55881

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS0.00515EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

ROOT-APP-PYPI-CVE-2026-54276 CVE-2026-54276 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-54276 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

6.3CVSS5.8AI score0.00178EPSS
Exploits0
OSV
OSV
added 5 days ago4 views

ROOT-OS-DEBIAN-13-CVE-2025-61147 CVE-2025-61147 in rootio-libde265 - Patched by Root

Root has patched CVE-2025-61147 in the rootio-libde265 package for Root:Debian:13. Multiple fixed versions available...

6.2CVSS5.8AI score0.00159EPSS
Exploits1
OSV
OSV
added 5 days ago4 views

ROOT-OS-DEBIAN-13-CVE-2026-41080 CVE-2026-41080 in rootio-expat - Patched by Root

Root has patched CVE-2026-41080 in the rootio-expat package for Root:Debian:13. Multiple fixed versions available...

3.7CVSS5.2AI score0.00379EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-OS-DEBIAN-11-CVE-2026-34982 CVE-2026-34982 in rootio-vim - Patched by Root

Root has patched CVE-2026-34982 in the rootio-vim package for Root:Debian:11. Multiple fixed versions available...

8.2CVSS6.2AI score0.0047EPSS
Exploits0
CVE
CVE
added 5 days ago10 views

CVE-2026-50644

CVE-2026-50644 affects SOPlanning. The vulnerability is an SQL injection in the audit retention configuration, exploitable by an attacker with high privileges (parameters_all rights) who can inject SQL through the audit configuration form; execution occurs when the audit functionality is accessed...

8.6CVSS6.2AI score0.00277EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 5 days ago6 views

Security update for transmission (moderate)

openSUSE Security Update: Security update for transmission Announcement ID: openSUSE-SU-2026:0237-1 Rating: moderate References: 1267404 Cross-References: CVE-2026-38978 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.3CVSS6.1AI score0.00305EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57009

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An unauthenticated publish visitor can perform a UNION SELECT injection via the block search endpoint 'POST /api/search/fullTextSearchBlock'. The issue occurs because the endpoint concatenates...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References8
CVE
CVE
added 6 days ago13 views

CVE-2026-58254

NATS Server (affected components: leafnode message trace destination checks) could allow a leafnode operator to send trace events to subjects that should be disallowed and use trace-only behavior to interfere with delivery/storage. Root cause: checks were applied to ordinary client connections bu...

6.5CVSS5.9AI score0.00428EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 6 days ago10 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.0037EPSS
Exploits1
RedHat Linux
RedHat Linux
added 6 days ago5 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-59870

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

7.5CVSS6.5AI score0.00358EPSS
Exploits1
OSV
OSV
added 6 days ago5 views

ROOT-APP-PYPI-CVE-2023-28370 CVE-2023-28370 in rootio-tornado - Patched by Root

Root has patched CVE-2023-28370 in the rootio-tornado package for Root:PyPI. Multiple fixed versions available...

6.1CVSS6.6AI score0.01132EPSS
Exploits0
OSV
OSV
added 6 days ago6 views

BIT-PILLOW-2026-55380 Pillow GdImageFile decompression bomb protection bypass

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42151

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the...

6.8CVSS6AI score0.00222EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 6 days ago3 views

Security update for docker-compose (important)

openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: bsc1239340 bsc1239766 bsc1265782 bsc1266625 Cross-References: CVE-2025-0495 CVE-2025-22869...

9.1CVSS6.8AI score0.00868EPSS
Exploits0References4
Rows per page
Query Builder