Lucene search
K
CvelistMost viewed

364903 matches found

Cvelist
Cvelist
•added 2026/05/05 3:45 p.m.•54 views

CVE-2026-7845 chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash

A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webuipages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument...

2.6CVSS0.0014EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/05/05 3:28 p.m.•54 views

CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS0.00265EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/05/05 7:49 a.m.•54 views

CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern

Memory Allocation with Excessive Size Value vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

0.00665EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/05/05 2:26 a.m.•54 views

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00211EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/05/05 12:0 a.m.•54 views

CVE-2026-39103

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

0.00111EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/05/04 3:0 a.m.•54 views

CVE-2026-7725 PrefectHQ prefect GitRepository Pull storage.py argument injection

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

6.5CVSS0.00247EPSS
Exploits0References8
Cvelist
Cvelist
•added 2026/05/04 12:39 a.m.•54 views

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS0.00214EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/05/02 10:15 p.m.•54 views

CVE-2026-7670 Jinher OA UserSel.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...

7.5CVSS0.00259EPSS
Exploits0References4
Cvelist
Cvelist
•added 2026/04/27 8:46 p.m.•54 views

CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs

If shutil.unpackarchive is given a ZIP archive with an absolute Windows path containing a drive C:\... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...

6CVSS0.00531EPSS
Exploits1References10
Cvelist
Cvelist
•added 2026/04/24 6:29 p.m.•54 views

CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS0.02187EPSS
Exploits1References2
Cvelist
Cvelist
•added 2026/04/10 12:0 a.m.•54 views

CVE-2026-40200

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms o...

8.1CVSS0.00128EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/04/09 5:57 p.m.•54 views

CVE-2026-39911 Hashgraph Guardian 3.5.1 Unsandboxed JavaScript Execution RCE

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

8.8CVSS0.00545EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/04/07 7:50 a.m.•54 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

0.96666EPSS
Exploits13References1
Cvelist
Cvelist
•added 2026/04/01 1:18 p.m.•54 views

CVE-2026-35091 Corosync: corosync: denial of service and information disclosure via crafted udp packet

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol UDP packet. This can lead to an out-of-bounds read, causing a denial of service...

8.2CVSS0.00867EPSS
Exploits1References17
Cvelist
Cvelist
•added 2026/03/27 9:8 p.m.•54 views

CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. Th...

7.5CVSS0.00616EPSS
Exploits1References3
Cvelist
Cvelist
•added 2026/03/20 10:23 p.m.•54 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS0.01557EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/03/20 4:52 a.m.•54 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS0.98191EPSS
Exploits20References3
Cvelist
Cvelist
•added 2026/03/06 9:11 a.m.•54 views

CVE-2026-3589 WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF

The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example...

0.00126EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/03/05 5:53 a.m.•54 views

CVE-2025-69411 WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...

7.5CVSS0.01609EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/02/23 8:33 p.m.•54 views

CVE-2026-23693 ElementsKit Elementor Addons < 3.7.9 Unauthenticated Mailchimp REST Endpoint

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor elementskit-lite WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API...

10CVSS0.00384EPSS
Exploits0References3
Cvelist
Cvelist
•added 2026/02/13 6:27 p.m.•54 views

CVE-2026-2441

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.2202EPSS
Exploits12References2
Cvelist
Cvelist
•added 2026/02/13 1:29 p.m.•54 views

CVE-2026-23112 nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...

9.8CVSS0.00399EPSS
Exploits0References7
Cvelist
Cvelist
•added 2026/01/29 9:33 p.m.•54 views

CVE-2026-1340

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution...

9.8CVSS0.8404EPSS
Exploits6References1
Cvelist
Cvelist
•added 2026/01/06 3:52 p.m.•54 views

CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec...

8.7CVSS0.0033EPSS
Exploits1References6
Cvelist
Cvelist
•added 2025/12/30 10:41 p.m.•54 views

CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change

Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...

9.8CVSS0.00621EPSS
Exploits2References4
Cvelist
Cvelist
•added 2025/12/24 7:28 p.m.•54 views

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...

8.7CVSS0.0035EPSS
Exploits1References3
Cvelist
Cvelist
•added 2025/10/27 5:29 p.m.•54 views

CVE-2025-55752 Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the...

0.66535EPSS
Exploits4References1
Cvelist
Cvelist
•added 2025/08/28 7:36 p.m.•54 views

CVE-2025-6203 Vault unauthenticated denial of service through complex json payload

A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become...

7.5CVSS0.00697EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/08/19 12:0 a.m.•54 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

0.00356EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/06/10 4:23 a.m.•54 views

CVE-2025-3076 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00169EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/05/30 5:37 p.m.•54 views

CVE-2025-5054 Race Condition in Canonical Apport

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function checkglobalpidandforward, which detects if the crashing process resided in a container, was being called...

4.7CVSS0.00668EPSS
Exploits2References3
Cvelist
Cvelist
•added 2025/05/29 3:18 p.m.•54 views

CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

6.9CVSS0.00351EPSS
Exploits1References2
Cvelist
Cvelist
•added 2025/05/01 6:42 p.m.•54 views

CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...

9CVSS0.12107EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/04/30 2:54 p.m.•54 views

CVE-2025-32972 The lesscss script service allows cache clearing without programming right

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...

2.7CVSS0.00412EPSS
Exploits0References3
Cvelist
Cvelist
•added 2025/04/29 4:9 p.m.•54 views

CVE-2025-23179 Ribbon Communications - CWE-798: Use of Hard-coded Credentials

CWE-798: Use of Hard-coded Credentials...

5.5CVSS0.00157EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/04/24 8:23 a.m.•54 views

CVE-2025-3776 Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvrajaxhandler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for...

8.3CVSS0.00745EPSS
Exploits1References3
Cvelist
Cvelist
•added 2025/04/16 9:0 a.m.•54 views

CVE-2025-3678 PCMan FTP Server HELP Command buffer overflow

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component HELP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the...

7.5CVSS0.00658EPSS
Exploits1References4
Cvelist
Cvelist
•added 2025/04/08 8:4 p.m.•54 views

CVE-2025-22871 Request smuggling due to acceptance of invalid chunked data in net/http

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

0.00778EPSS
Exploits0References4
Cvelist
Cvelist
•added 2025/04/08 5:23 p.m.•54 views

CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability

...

7.8CVSS0.00783EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/03/14 8:31 p.m.•54 views

CVE-2025-2308 HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow

A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Zscaleoffsetdecompressonebyte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed...

5.3CVSS0.00364EPSS
Exploits1References4
Cvelist
Cvelist
•added 2025/02/28 9:2 p.m.•54 views

CVE-2025-27413 PwnDoc Arbitrary File Write to RCE using Path Traversal in template update from backup templates.json

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal ../ sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS0.01079EPSS
Exploits1References6
Cvelist
Cvelist
•added 2025/02/19 4:42 p.m.•54 views

CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...

5.4CVSS0.0022EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/02/03 12:0 a.m.•54 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

4.4CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelist
•added 2025/01/29 8:30 p.m.•54 views

CVE-2025-24795 The Snowflake Connector for Python uses insecure cache files permissions

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential...

4.4CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
•added 2025/01/10 3:29 p.m.•54 views

CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msgc parameter. This vulnerability is fixed in 3.2.8...

6.4CVSS0.00393EPSS
Exploits1References1
Cvelist
Cvelist
•added 2024/12/17 5:28 p.m.•54 views

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

3.1CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/12/16 8:2 p.m.•54 views

CVE-2024-55949 Privilege escalation in IAM import API in MinIO

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...

9.3CVSS0.00716EPSS
Exploits0References4
Cvelist
Cvelist
•added 2024/12/10 8:6 p.m.•54 views

CVE-2024-49105 Remote Desktop Client Remote Code Execution Vulnerability

...

8.4CVSS0.01507EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/12/10 5:49 p.m.•54 views

CVE-2024-49095 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

...

7CVSS0.00438EPSS
Exploits0References1
Cvelist
Cvelist
•added 2024/12/10 5:12 p.m.•54 views

CVE-2024-53866 pnpm vulnerable to no-script global cache poisoning via overrides / `ignore-scripts` evasion

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...

5.8CVSS0.00942EPSS
Exploits1References2
Total number of security vulnerabilities5000