Lucene search
K
CvelistRecent

363394 matches found

Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-58171 Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...

4.2CVSS0.00253EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58170 Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

8.3CVSS0.00416EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58169 Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-58168 DeepTutor < 1.4.10 - Insecure Default Grants Unrestricted MCP Tool Access to Non-Admin Users

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowedmcptools function returning None instead of a denied result when mcptools is omitted from a user's grant in...

8.8CVSS0.00412EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58167 Nightingale < 9.0.0-beta.2 - Datasource Credential Disclosure to Low-Privilege Users

Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...

7.1CVSS0.00238EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58166 OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

9.1CVSS0.00628EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-10652 Out-of-bounds read in Zephyr DNS resolver TXT/SRV record parsing (unvalidated `rdlength`)

Zephyr's DNS resolver subsys/net/lib/dns parses resource records from DNS responses in dnsunpackanswer, which validated only the fixed RR header type, class, TTL, rdlength and accepted any attacker-declared rdlength, including one extending past the end of the received datagram. The TXT and SRV...

4.8CVSS0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-44948 Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler

A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service...

5.3CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gainin...

9.3CVSS0.00548EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-48313 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-48307 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user...

8.8CVSS0.00314EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-48314 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5CVSS0.00333EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interactio...

10CVSS0.01021EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.0063EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-48286 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Adobe Campaign Classic ACC versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00712EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter

In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...

2CVSS0.00304EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-44949 Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook

A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submi...

7CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-27957 Coolify: Authenticated RCE via command injection in CA certificate management feature

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, an authenticated command injection vulnerability in the CA Certificate management feature allows any authenticated user to execute arbitrary commands as the configured SSH...

8.8CVSS0.00658EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-27956 Coolify: Cross-team application domain enumeration via domains_by_server endpoint

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/servers/serveruuid/domains?uuid=appuuid bypasses team scoping when the optional uuid query parameter is provided. Any authenticated API user can enumerate domai...

4.3CVSS0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-27955 Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker helper wraps commands in bash -c '$command' without escaping single quotes. User-controlled dockercomposecustombuildcommand and...

6.6CVSS0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

5CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-48192

A vulnerability has been identified in Mendix Studio Pro 10.11 All versions, Mendix Studio Pro 10.12 All versions, Mendix Studio Pro 10.13 All versions, Mendix Studio Pro 10.14 All versions, Mendix Studio Pro 10.15 All versions, Mendix Studio Pro 10.16 All versions, Mendix Studio Pro 10.17 All...

6.8CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...

5CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...

4.8CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-44947 Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher

A missing clean-up in the legacy Project Role Template Binding PRTB reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission PSA permissions after an administrator removes those permissions from a RoleTemplate...

6.9CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago27 views

CVE-2026-14178 openGauss存在非法内存访问导致DoS漏洞

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-35098 Improper Restriction of Excessive Authentication Attempts in KTM System e-BOK

KTM System e-BOK does not implement any limit or timeout on consecutive login attempts, allowing an attacker to perform unlimited authentication requests. This lack of rate‑limiting enables efficient brute‑force attacks against user accounts. When combined with vulnerability CVE-2026-35097, where...

6.9CVSS0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-35096 Cross-Site Request Forgery (CSRF) in KTM System e-BOK

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery CSRF in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the...

5.1CVSS0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-35095 Session fixation in KTM System e-BOK

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

4.8CVSS0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago38 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-14241 Memory safety bugs fixed in Firefox 152.0.4

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152.0.4...

0.00303EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-13474 Denial of service via malformed HTTP/2 requests

Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

8.7CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58015 Glib: path traversal in glib/gio/gdbusauthmechanismsha1.c via keyring_lookup_entry and mechanism_client_data_receive

A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9CVSS0.00418EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in gdbusnodeinfonewforxml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

7.5CVSS0.00373EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-10817 Insufficient input validation leading to memory overread

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

6.9CVSS0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58014 Glib: off-by-one error in glib/gkeyfile.c via "g_key_file_get_locale_string_list"

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

7.3CVSS0.00293EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58013 Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"

A flaw was found in GLib. A buffer over-read can occur in giochannelreadlinebackend in the giochannel.c file when a custom line terminator with a length greater than one is set, causing memcmp to read past the GString buffer. This vulnerability can cause a minor information disclosure of 7 bytes ...

6.5CVSS0.00329EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58012 Glib: buffer over-read in g_regex_replace() via glib/gregex.c:string_append() and g_utf8_next_char()

A flaw was found in GLib. A buffer over-read can occur in the gregexreplace function when used with the GREGEXRAW compile flag and case-change replacement escapes because the stringappend function processes matched substrings using UTF-8 functions that assume valid UTF-8 input, even when the stri...

6.5CVSS0.00322EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58010 Glib: buffer over-read in glib/gvariant-serialiser.c via gvs_tuple_is_normal()

A flaw was found in GLib. An off-by-one error can occur in the gvstupleisnormal function in the glib/gvariant-serialiser.c file when doing an alignment padding check because the bounds check uses instead of =, causing an out-of-bounds read of only 1 byte. This issue can cause a minor information...

6.5CVSS0.00322EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58011 Glib: out-of-bounds read in glib/gdatetime.c:g_date_time_get_ymd via invalid gdatetime

A flaw was found in GLib. An out-of-bounds read of only 2 bytes can occur in the gdatetimegetymd function in the glib/gdatetime.c file when an invalid GDateTime object produced by the gdatetimeaddfull function is processed. This flaw can corrupt the date output and potentially cause logic errors...

6.5CVSS0.00344EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path

LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...

9.8CVSS0.00497EPSS
Exploits2References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-10816 Arbitrary File Read (Unauthenticated)

Arbitrary File Read Unauthenticated in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled...

7.1CVSS0.00415EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-6556 @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins

@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths arrays of paths and regular expressions are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms doe...

9.1CVSS0.00295EPSS
Exploits0References2
Total number of security vulnerabilities363394