Lucene search
K
CvelistRecent

363627 matches found

Cvelist
Cvelist
added 33 minutes ago2 views

CVE-2026-13199 Insufficient Entropy in Raspberry Pi 5 and Compute Module 5

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-58384 Gimp: gimp: integer overflow in read_rle_channel()

A flaw was found in GIMP's PSD parser. An integer overflow in readRLEchannel can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitra...

7.3CVSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-8309 Reflected XSS in Armiya Technologies' Access Control System

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Reflected XSS. This issue affects Access Control System GKS: before Version 2...

5.4CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-8306 Stored XSS in Armiya Technologies' Access Control System

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-7380 HTML Injection in Armiya Technologies' Access Control System

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-5799 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-5730 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

Exploits0References1
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-12375 Uncanny Automator Pro 7.3.0.5 - Backdoor via Compromised Vendor Update Server

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...

Exploits0References1
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-4375 DoLeads Integrator <= 1.2.2 & wp2epub <= 0.65 - Unauthenticated RCE

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users...

Exploits0References1
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

Exploits0References1
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS
Exploits0References11
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-57871

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago2 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-57867

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords OTP to log in as any user. This issue affects MicroRealEstate: through 1.0.0-alpha3...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-27844

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-27790

Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...

2.7CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-42201 Coolify: OS Command Injection via Database Credential Fields in Docker Compose Service Commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, database credential fields redispassword, keydbpassword, dragonflypassword, clickhouseadminuser, clickhouseadminpassword, postgresuser, mysqluser are validated only as...

3.3CVSS
Exploits0References4
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-34158 Coolify: Command injection via single-quote breakout in Docker Compose custom commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-34170 Coolify: Server-Side Request Forgery via attacker-controlled GitHub App API URL

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GithubApp apiurl field is used as the base URL for server-side HTTP requests without allowlisting or private IP blocking, allowing an authenticated user to configure a...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-34048 Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-42143 Coolify: OS Command Injection via Persistent Volume Names - Root RCE on Managed Servers

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago4 views

CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-34152 Coolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-34149 Coolify: Authenticated Host-Level RCE via Unescaped Database Credentials in Backup Jobs

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, DatabaseBackupJob interpolates user-controlled database credentials and MongoDB collection exclusion names into backup shell commands without adequate escaping, allowing an...

3.3CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-34171 Coolify: Account takeover via CSRF-able GET endpoint that resets password to attacker-known value

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the GET /invitations/uuid endpoint can perform a state-changing password reset using an attacker-known invitation UUID, allowing an attacker who can cause a victim to visit...

8CVSS
Exploits0References3
Cvelist
Cvelist
added 6 hours ago6 views

CVE-2026-34034 Coolify: Host RCE via Sentinel token injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-34168 Coolify: Command injection via unsanitized persistent storage name in docker volume commands

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 6 hours ago6 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-34198 Coolify: Password reset link poisoning via X-Forwarded-Host header spoofing

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-34058 Coolify: OS Command Injection via Unmanaged Container Operations - Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Livewire component Server\Resources exposes public methods startUnmanaged, stopUnmanaged, restartUnmanaged that accept a container ID parameter directly from the browse...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-34035 Coolify: Host RCE via Log Drain secret/env command injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 6 hours ago6 views

CVE-2026-34047 Coolify: WebSocket Endpoint Access Control Flaw Leading to Remote Code Execution

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources...

9.9CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-42172 Coolify: Sanctum API Tokens Have No Expiration — Leaked Tokens Grant Permanent Access

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-42200 Coolify: PostgreSQL Init Script Path Traversal Leads to Arbitrary File Write and Root RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-11328 Exclusive Addons for Elementor <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2024-56141 Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-53648 FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00039EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-53647 FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS0.00062EPSS
Exploits1References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-13356 Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-53646 FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS0.00041EPSS
Exploits1References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-53645 FOSSBilling's missing self-edit prevention in staff permission management allows persistent privilege escalation

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...

8.5CVSS0.00031EPSS
Exploits0References1
Total number of security vulnerabilities363627