Lucene search
K
CvelistRecent

363927 matches found

Cvelist
Cvelist
added 17 minutes ago2 views

CVE-2026-59880 Immutable.js: Hash-collision algorithmic complexity denial of service in Immutable.Map/Set

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS
Exploits0References5
Cvelist
Cvelist
added 17 minutes ago1 views

CVE-2026-59262 AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS
Exploits0References4
Cvelist
Cvelist
added 23 minutes ago1 views

CVE-2026-59725 Socket.IO: Engine.IO Polling Transport Connection Exhaustion

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 25 minutes ago2 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added 30 minutes ago1 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS
Exploits0References4
Cvelist
Cvelist
added 33 minutes ago2 views

CVE-2026-59877 protobufjs: Denial of Service via infinite loop in .proto option parsing

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added 35 minutes ago1 views

CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS
Exploits0References2
Cvelist
Cvelist
added 36 minutes ago1 views

CVE-2026-59871 node-tar: Process crash via PAX numeric path type confusion

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such as normalizeWindowsPathentry.path.split'/' to throw an uncaught TypeError. This issue is...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 36 minutes ago2 views

CVE-2026-9074 IBM API Connect SQL Injection

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS
Exploits0References2
Cvelist
Cvelist
added 37 minutes ago1 views

CVE-2026-59874 node-tar: Negative tar entry size causes infinite loop in archive replace

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS
Exploits0References3
Cvelist
Cvelist
added 38 minutes ago0 views

CVE-2026-59873 node-tar: Decompression/parse DoS via unlimited input

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS
Exploits0References3
Cvelist
Cvelist
added 38 minutes ago2 views

CVE-2026-3144 IBM API Connect Default Credentials

IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
added 41 minutes ago1 views

CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 43 minutes ago1 views

CVE-2026-59868 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 45 minutes ago0 views

CVE-2026-59869 js-yaml: YAML merge-key chains can force quadratic CPU consumption

js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys where each mapping merges the previous one. This issue is fixed in...

7.5CVSS
Exploits0References5
Cvelist
Cvelist
added 48 minutes ago1 views

CVE-2026-59870 js-yaml quadratic-complexity denial of service via YAML11_SCHEMA !!omap parsing

js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem to perform a linear duplicate-key scan on every insertion, causing On^2 CPU consumption when yaml.load parses a crafted ordered-map...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 53 minutes ago1 views

CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...

4.7CVSS
Exploits0References1
Cvelist
Cvelist
added 54 minutes ago1 views

CVE-2026-59702 repomix - Server-Side Request Forgery via Unvalidated Repository URLs in POST /api/pack

repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that allows unauthenticated attackers to make arbitrary outbound requests. The endpoint fails to properly validate http://, https://, and file:// URLs before passing them to git clone, enabling attackers t...

9.3CVSS
Exploits0References4
Cvelist
Cvelist
added 57 minutes ago2 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS
Exploits0References6
Cvelist
Cvelist
added 57 minutes ago2 views

CVE-2026-14967 Path traversal in github_workflows allows writing artifacts outside output directory

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS
Exploits0References1
Cvelist
Cvelist
added 57 minutes ago2 views

CVE-2026-14966 Symlink guard bypass in unarchive module allows planting symlinks during extraction

BBOT's unarchive module rejects archives containing symlink entries before extraction, but for zip and 7z archives it failed to detect symlinks whose listing carries a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. Such an archive, downloaded and extracted...

3.1CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago1 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS
Exploits0References5
Cvelist
Cvelist
added 1 hour ago1 views

CVE-2026-15063 Trustyai-service-operator: trustyai service operator: gorch port bypass when auth is enabled

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-49147 App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-49146 App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

Exploits0References2
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-59703 repomix - Local File Inclusion via file:// URL Scheme in Git Clone Endpoint

repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file://...

8.7CVSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-55668 File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-55873 SeaweedFS: Improper authorization in the S3Tables / Iceberg REST management API lets a low-privileged S3 user enumerate administrator-owned table buckets

SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated...

4.3CVSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-55874 SeaweedFS: Path traversal in the S3 gateway X-Amz-Copy-Source header allows cross-bucket object read

SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side...

7.7CVSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-15044 Trustyai-service-operator: trustyai service operator: unauthenticated access to ai guardrails and orchestrator apis

A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGuardrails, if a specific security setting is not enabled, these services can expose their communication channels without requiring users to prove their identity. This allows any other program within the...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-15062 SQL Injection in Snowflake Snowpark Python SDK

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK snowpark-python versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database...

9.6CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...

8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-10699 Memory leak in SFTP service can result in a denial of service in MOVEit Transfer

Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago2 views

CVE-2026-10698 Table scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-10706 Exposure of Sensitive Information to an Unauthorized attacker

In Adalo’s no-code app builder, Versions 1 and 2 the attackers may extract full user records and correlate user behavior across multiple applications via dbId enumeration. The platform does not implement data minimization, privacy by design, or implement appropriate technical safeguards, allowing...

Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-10708 Insufficiently Protected Credentials

This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets. A single request to a minimal leaderboard component may return user records containing emails, UUIDs, and custom fields. The combination of wildcard CORS behavior, long‑lived twenty‑day JWTs, and the...

Exploits0References1
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS
Exploits0References7
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-60092 AVideo - Stored Cross-Site Scripting via Unescaped User-Agent in Participants Panel

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS
Exploits0References3
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-59257 n8n - SQL Injection in MySQL v1 executeQuery Operation via Expression Interpolation

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-58657 Grav - Stored CSS Injection via Markdown Image resize() Action

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-58656 Grav API Plugin - Cross-Origin Admin Account Takeover via CORS Wildcard and JWT Query Parameter

Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: , allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-58654 Grav - Arbitrary File Upload via Avatar Endpoint

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-56778 n8n - Authorization Bypass in Public API Execution Retry Endpoint

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-56776 n8n - Incorrect OAuth Scope Validation in Workflow Test Run Endpoint

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago2 views

CVE-2026-56775 n8n - Incorrect OAuth Scope Validation in Evaluation Test Runs Endpoints

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...

5.4CVSS
Exploits0References2
Total number of security vulnerabilities363927