Lucene search
K

38452 matches found

OSV
OSV
added 2026/03/20 4:52 a.m.5 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS6.3AI score0.98412EPSS
Exploits16References10
Vulnrichment
Vulnrichment
added 2026/03/20 4:24 a.m.2 views

CVE-2026-32953 Tillitis: TKey Client has an Error in Protocol Implementation

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

4.7CVSS5.9AI score0.00246EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:24 a.m.5 views

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...

4.7CVSS5.9AI score0.00246EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 4:8 a.m.5 views

CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery SSRF vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

8.7CVSS6AI score0.00427EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 4:3 a.m.17 views

CVE-2026-32947

Harden-Runner (CI/CD security agent for GitHub Actions runners) versions 2.15.1 and earlier are affected by a DNS over HTTPS (DoH) vulnerability that enables data exfiltration through permitted HTTPS endpoints by encoding data (e.g., hostname) in DoH subdomains. The attack requires the attacker t...

4.9CVSS6.2AI score0.00305EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/20 2:23 a.m.13 views

CVE-2026-32889

Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...

6.5CVSS5.7AI score0.0041EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 2:16 a.m.4 views

DEBIAN-CVE-2026-32874

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...

7.5CVSS5.3AI score0.00479EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:26 a.m.3 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:4 a.m.2 views

CVE-2026-32880

ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can execute when any admin views the system settings. The JSON input is left unescaped/unsanitized in SystemSettings.php, leading ...

6.4CVSS5.8AI score0.0032EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.6 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +1641 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.0.0 <=6.1.21)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =0.2.2, =0.0.6, =0.0.6, =4.5.0, =1.2.0, =1.3.0 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

5.9CVSS6AI score0.00385EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/20 12:25 a.m.4 views

SUSE CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.8AI score0.00318EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

itsourcecode Online Frozen Foods Ordering System SQL注入漏洞

itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which arises from incorrect handling of the parameter productname in the file admin/admin/editmenuaction.ph...

9.8CVSS5.8AI score0.00327EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.5 views

CVE-2026-23274

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtIDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call modtimer on timer-timer. If the label was created first by revision 1 with XTIDLETIMERALARM...

7.8CVSS5.7AI score0.00123EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: rivafb: fix divide error in nv3arb A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUTVSCREENINFO ioctl on /dev/fb. When...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-4159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte...

3.3CVSS5.8AI score0.00095EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

AWStats 安全漏洞

AWStats is a log analysis tool developed by eldy, a personal developer. This software supports the analysis of web site logs on all operating systems such as IIS 5.0 and Apache. It can analyze logs from web, WAP, proxy, streaming servers, FTP, and mail servers. AWStats 8.0 has a security...

7.8CVSS5.7AI score0.01046EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/03/20 12:0 a.m.17 views

NASimJax: GPU-Accelerated Policy Learning Framework for Penetration Testing

Penetration testing, the practice of simulating cyberattacks to identify vulnerabilities, is a complex sequential decision-making task that is inherently partially observable and features large action spaces. Training reinforcement learning RL policies for this domain faces a fundamental...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.3 views

PT-2026-26653

A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

5.1CVSS4.1AI score0.00295EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.5 views

Zimbra Collaboration Suite(ZCS) 安全漏洞

Zimbra Collaboration Suite ZCS is an open-source collaboration suite developed by Zimbra Corporation. This product includes features such as WebMail, calendars, and contact management. Both the Zimbra Collaboration Suite 10.0 and 10.1 versions contained security vulnerabilities. These...

6.1CVSS5.7AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26562

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $ POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although real escape string was applied, it only escapes...

8.6CVSS5.8AI score0.00398EPSS
Exploits0References3
Rows per page
Query Builder