Lucene search
K

1063 matches found

NVD
NVD
added 2026/03/06 4:16 a.m.9 views

CVE-2026-27807

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...

4.9CVSS0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

OliveTin 安全漏洞

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...

5.3CVSS7.3AI score0.00414EPSS
Exploits1References4
OSV
OSV
added 2026/03/01 6:45 a.m.4 views

MAL-2026-1094 Malicious code in dc-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...

5.7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/01 6:45 a.m.10 views

Malicious code in dc-web-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b4a9ee6e67e1a649fe34c92b180cb1de89af4ac592d918fd7806dcc7aeccb53 The package dc-web-app was found to contain malicious code. Source: ghsa-malware eb1d0c37e10d0f166990673f475cf3b1686c9f8b8ffd25199d48e3ddc45edb85 Any...

5.7AI score
Exploits0References1
Malwarebytes
Malwarebytes
added 2026/02/27 11:29 a.m.36 views

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

6.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.10 views

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

6.5CVSS5.9AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.11 views

PT-2026-22402

Name of the Vulnerable Software and Affected Versions Canarytokens versions prior to sha-7ff0e12 Description The Canarytokens PWA Canarytoken has a Self Cross-Site Scripting issue. A Canarytoken creator can execute Javascript code by inserting it into the title field of their PWA token. This allo...

5.3CVSS6AI score0.00397EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 7:57 a.m.25 views

CVE-2026-1697

CVE-2026-1697 affects PcVue components: GraphicalData web services and the WebClient web app, across versions 12.0.0 through 16.3.3. The underlying issue is the use of unsecure cookies due to missing Secure and SameSite attributes, enabling potential cookie exposure. Metrics show a Network-attack...

6.5CVSS5.3AI score0.00117EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

Manyfold 安全漏洞

Manyfold is a self-hosted web application developed by Manyfold OpenSource. Versions of Manyfold prior to 0.133.1 contained a security vulnerability, which was caused by the getmodel method in the ModelFilesController bypassing Pundit authorization...

6.5CVSS5.8AI score0.00265EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/24 4:56 p.m.10 views

Malicious code in @ai-studio-web/app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a29e5e23697b695bdd456d100ba49a1ef5c6f4450b46672dedcd164a073e8eb The package @ai-studio-web/app was found to contain malicious code. Source: ghsa-malware...

5.9AI score
Exploits0References1
Wolfi
Wolfi
added 2026/02/20 7:48 p.m.5 views

CVE-2026-27205 vulnerabilities

Vulnerabilities for packages: airflow, open-webui, mitmproxy, kubeflow-volumes-web-app, mlflow, emissary...

4.3CVSS6.1AI score0.00374EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/20 7:48 p.m.4 views

GHSA-29VQ-49WR-VM6X vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, airflow, open-webui, tensorflow-cpu-jupyter, kubeflow-volumes-web-app, mlflow, emissary, superset...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.7 views

CVE-2026-27199 vulnerabilities

Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, localstack, superset, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, airflow, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, litellm, azure-functions-python-worker...

6.3CVSS6.1AI score0.00556EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.8 views

CVE-2026-27205 vulnerabilities

Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, airflow, kubeflow-volumes-web-app, mitmproxy...

4.3CVSS6.1AI score0.00374EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.5 views

GHSA-68RP-WP8R-4726 vulnerabilities

Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, airflow, kubeflow-volumes-web-app, mitmproxy...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/20 7:17 p.m.6 views

GHSA-29VQ-49WR-VM6X vulnerabilities

Vulnerabilities for packages: emissary, airflow-core, mlflow, open-webui, localstack, superset, tensorflow-gpu-jupyter, tensorflow-cpu-jupyter, airflow, kubeflow-pipelines-visualization-server, kubeflow-volumes-web-app, litellm, azure-functions-python-worker...

6.1AI score
Exploits0
NVD
NVD
added 2026/02/19 6:24 p.m.7 views

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing configuration page. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$AntiSpoofingGeneral1$TxtSmtpDesc parameter to...

5.4CVSS0.00173EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/10 7:23 p.m.5 views

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS5.5AI score0.00469EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 8:15 p.m.6 views

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS0.00469EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:39 p.m.4 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder