Lucene search
K
CvelistRecent

364798 matches found

Cvelist
Cvelist
added 2026/06/19 2:29 a.m.33 views

CVE-2026-11775 User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery

The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifieroptionspage function. This makes it possible for unauthenticated attackers to rese...

4.3CVSS0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/19 2:26 a.m.35 views

CVE-2026-8805 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a larg...

8.7CVSS0.00379EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.30 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

0.00823EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.28 views

CVE-2026-51843

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter...

0.00384EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.29 views

CVE-2026-51845

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter...

0.00384EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.34 views

CVE-2026-51844

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter...

0.00384EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.29 views

CVE-2026-51846

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution...

0.00584EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/18 11:54 p.m.44 views

CVE-2026-40624 AVer PTC cameras Files or Directories Accessible to External Parties

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request...

9.8CVSS0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:47 p.m.44 views

CVE-2026-50034 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

7.1CVSS0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 11:45 p.m.35 views

CVE-2026-52866 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection...

7.1CVSS0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12049 pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated 'next' parameter

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...

5.3CVSS0.00218EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.41 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...

4.8CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12046 pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS0.0071EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.40 views

CVE-2026-12045 pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00482EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.36 views

CVE-2026-12050 pgAdmin 4: SQL injection in named restore point endpoint

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12044 pgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog templates

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

8.8CVSS0.00489EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.18 views

CVE-2026-56078 PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS0.00687EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.20 views

CVE-2026-56076 PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

8.6CVSS0.00504EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.23 views

CVE-2026-56077 PraisonAI - Information Disclosure via Shared MultiAgentLedger State

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expo...

7.1CVSS0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.23 views

CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS0.00476EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 10:12 p.m.20 views

CVE-2026-56074 PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 9:42 p.m.23 views

CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability

...

9.9CVSS0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:42 p.m.23 views

CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability

...

9.8CVSS0.00578EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:39 p.m.24 views

CVE-2026-32174 Azure Bot Service Elevation of Privilege Vulnerability

...

7.7CVSS0.00411EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:37 p.m.25 views

CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability

...

7.5CVSS0.0057EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:19 p.m.24 views

CVE-2026-8668 Hardcoded credentials in embedded content

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:18 p.m.21 views

CVE-2026-8100

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...

9.4CVSS0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:12 p.m.23 views

CVE-2026-49205 phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)

phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 addressed this in the BackupController by adding: $this-userHasPermissionPermissionType::BACKUP. The same fix was not applied to 4 other write endpoints...

6.5CVSS0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 9:9 p.m.31 views

CVE-2026-54017 Open WebUI: Path traversal / SSRF in terminal server proxy via encoded path traversal

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the terminal-server reverse proxy in backend/openwebui/routers/terminals.py does not fully confine the user-controlled path segment before forwarding it to an admin-configured termin...

7.7CVSS0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 9:8 p.m.28 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 9:1 p.m.21 views

CVE-2026-49257 mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind

mcp-pinot is a Python-based Model Context Protocol MCP server for interacting with Apache Pinot. In versions 3.0.1 and below, mcp-pinot defaults to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication enabled. All MCP tools, including SQL query execution, schema creation, and...

10CVSS0.00498EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 8:52 p.m.24 views

CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS0.00135EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 8:47 p.m.21 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 8:31 p.m.22 views

CVE-2026-45696 OpenEXR HTJ2K decoder heap buffer over-read in ht_undo_impl() (DoS)

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS0.00263EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/18 8:20 p.m.20 views

CVE-2026-44663 OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer overflow when decoding a crafted...

6.1CVSS0.00199EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/18 8:18 p.m.22 views

CVE-2025-15661 libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSHFXPNAME response...

8.3CVSS0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 8:1 p.m.20 views

CVE-2026-49252 deepstream is vulnerable to prototype pollution

deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can lead to potential privilege escalation from any authenticated user with write permission to any...

9.9CVSS0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:54 p.m.18 views

CVE-2026-49248 OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar

OneDev is a Git server with CI/CD, kanban, and packages. In versions 15.0.6 and below, TarUtils.untar creates symbolic links verbatim from TAR entry getLinkName without validating whether the target is an absolute path. A subsequent file entry in the same archive traverses the symlink, writing to...

8.3CVSS0.00382EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:44 p.m.20 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS0.0045EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/18 7:39 p.m.19 views

CVE-2026-25865 Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 7:33 p.m.21 views

CVE-2026-43915 Coturn: Stored Cross-Site Scripting (XSS) in web-admin interface via TURN username

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:29 p.m.23 views

CVE-2026-56099 OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

6.9CVSS0.00423EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/18 7:26 p.m.20 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:7 p.m.17 views

CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS0.00084EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 7:1 p.m.18 views

CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS0.00088EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 6:55 p.m.19 views

CVE-2026-48981 pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pamusb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references XXE, potentially making outbound network connections or...

6.7CVSS0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 6:46 p.m.16 views

CVE-2026-48716 nanobot: Path traversal via unsanitized WhatsApp document fileName enables arbitrary file write

nanobot is a personal AI assistant. In versions 0.1.5.post3 and prior, the WhatsApp bridge in bridge/src/whatsapp.ts constructs a filesystem path using the fileName field from an incoming WhatsApp document message without sanitization. The WhatsApp bridge downloads media attachments and writes th...

8.7CVSS0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:39 p.m.19 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

9.8CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 6:37 p.m.22 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

5.3CVSS0.00187EPSS
Exploits0References1
Total number of security vulnerabilities364798