Lucene search
+L

5822 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ntfs-3g

In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...

7.8CVSS7.3AI score0.00504EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

Mantis Bug Tracker(MantisBT) 访问控制错误漏洞

Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Versions of Mantis Bug Tracker prior to 2.28.1 contained an access control vulnerability. This vulnerability stemmed from allowing authenticated users to upload attachments to private issues that they did n...

4.3CVSS5.8AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 12:59 p.m.9 views

CVE-2026-42097 Authentication Bypass in Sparx Pro Cloud Server

Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...

9.3CVSS6AI score0.00941EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41893

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Authentication is required based on the requested URL. An attacker can bypass this check by omitting the model query parameter and providing the model name only within the...

9.3CVSS5.9AI score0.00941EPSS
Exploits3References9
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@antv/li-analysis-assets (>=1.0.0 <=1.9.1), @antv/li-core-assets (>=1.0.0 <=1.3.7) +3 more potentially affected by unknown CVE via @antv/li-sdk (=1.5.1)

@antv/li-sdk NPM version =1.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/li-sdk and may be impacted: - @antv/li-analysis-assets =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.2 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLISDK-16754381...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

base-flow (=1.0.6), cmp-graph (>=0.0.1 <=0.0.5) +11 more potentially affected by unknown CVE via @antv/g6-editor (>=1.0.8 <=1.2.0)

@antv/g6-editor NPM version =1.0.8, =0.0.1, =1.0.13, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.1.0, =0.0.2, =0.2.5, =0.2.6 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVG6EDITOR-16754928...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

qbi-charts (=1.0.17), shuyi-charts (>=1.1.1 <=1.1.27) potentially affected by unknown CVE via @antv/s2-vue (=2.2.0)

@antv/s2-vue NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/s2-vue and may be impacted: - qbi-charts =1.0.17 - shuyi-charts =1.1.1, =1.1.27 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVS2VUE-16754366...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.29 views

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-component (>=2.0.0-beta.1 <=2.25.10) +13 more potentially affected by unknown CVE via @antv/l7-utils (>=2.0.0-beta.1 <=2.25.9)

@antv/l7-utils NPM version =2.0.0-beta.1, =2.1.13, =2.0.0-beta.1, =2.0.0-beta.1, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.10.0, =2.1.13, =2.1.13, =2.1.13, =2.0.0-beta.1, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7UTILS-16754432...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

chrisbao_package1 (>=1.0.0 <=1.0.1), dss-bloodrelation (>=1.0.0 <=1.0.6) +4 more potentially affected by unknown CVE via @antv/g6-plugins (=1.0.9)

@antv/g6-plugins NPM version =1.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g6-plugins and may be impacted: - chrisbaopackage1 =1.0.0, =1.0.0, =0.1.0, =1.3.7, =1.1.0, =1.1.2 Source cves: unknown CVE Source advisory:...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@2nova/wu-ui (>=1.1.0 <=1.3.12), @action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5) +824 more potentially affected by unknown CVE via @antv/color-util (=2.0.6)

@antv/color-util NPM version =2.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/color-util and may be impacted: - @2nova/wu-ui =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =1.1.15, =1.0.4, =0.1.5, =1.0.0, =0.0.1, =1.0.2,...

5.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/17 1:15 p.m.10 views

CVE-2026-8757

A vulnerability was found in adenhq hive up to 0.11.0. This affects the function readeventstail of the file core/framework/server/routessessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...

7.5CVSS6.7AI score0.0061EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/17 5:0 a.m.19 views

EUVD-2026-30683

A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been publicly...

7.5CVSS5.6AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.41 views

PT-2026-41585

Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A path traversal issue exists in the File Diff API Endpoint within the Bun.file function of the packages/opencode/src/kilocode/review/worktree-diff.ts file. A remote attacker can trigger...

5.3CVSS5.8AI score0.0058EPSS
Exploits1References6
OSV
OSV
added 2026/05/15 9:30 p.m.4 views

CVE-2026-45316 Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the POST /api/v1/notes/id/pin endpoint performs a write operation toggling the ispinned field but only checks for read permission. Users with read-only access to a shared note can...

3.5CVSS6AI score0.00218EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:13 a.m.6 views

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

Microsoft Power Automate for Desktop < 2.68.237.26118 Information Disclosure (May 2026)

The version of Microsoft Power Automate for desktop installed on the remote Windows host is prior to 2.68.237.26118. It is, therefore, affected by an information disclosure vulnerability: - Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker ...

6.5CVSS5.8AI score0.00868EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 4:17 a.m.15 views

UBUNTU-CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.9AI score0.00239EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2026/05/14 12:0 a.m.72 views

📄 PJPROJECT 2.16 Buffer Overflow

PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability. Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow Google Dork: CVE-2026-25994 PJSIP PJNATH pjsip ≤ 2.16 Date: Apr 6 2026 Exploit Author: V.Nos - BinSmaser Team Vendor Homepage: https://github.com/pjsip/pjproject...

9.8CVSS6AI score0.01927EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.10 views

PT-2026-41049

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A race condition in the Payments component allows a remote attacker to potentially achieve a sandbox escape by using a specially crafted HTML page. A sandbox escape is a technique used...

8.8CVSS5.8AI score0.00498EPSS
Exploits0References84
CVE
CVE
added 2026/05/13 8:30 p.m.29 views

CVE-2026-44372

CVE-2026-44372 affects Nitro, a server toolkit, with an Open Redirect via a protocol-relative URL bypass in wildcard route rules. Before the patch, a redirect rule using a wildcard could be manipulated to redirect cross-host by sliding an extra slash after the rule prefix. The issue is fixed in N...

6.1CVSS5.8AI score0.00237EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder