Lucene search
K
CvelistRecent

366385 matches found

Cvelist
Cvelist
added 16 minutes ago1 views

CVE-2026-45793 Composer: Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS0.00079EPSS
Exploits0References9
Cvelist
Cvelist
added 20 minutes ago3 views

CVE-2026-20187 Cisco RoomOS Security Hardening Release - Exceptional Conditions Handling Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 20 minutes ago4 views

CVE-2026-20158 Cisco RoomOS Security Hardening Release - Resource Lifetime Management Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 20 minutes ago2 views

CVE-2026-52842 Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...

9.3CVSS0.00033EPSS
Exploits0References4
Cvelist
Cvelist
added 20 minutes ago3 views

CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 20 minutes ago2 views

CVE-2026-20157 Cisco RoomOS Security Hardening Release - Missing Encryption Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 20 minutes ago3 views

CVE-2026-20156 Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
added 21 minutes ago3 views

CVE-2026-20146 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system to either read or delete arbitrary files. To exploit this vulnerability, the...

5.5CVSS
Exploits0References1
Cvelist
Cvelist
added 21 minutes ago5 views

CVE-2026-20150 Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 22 minutes ago3 views

CVE-2026-52843 Lightpanda: fetch() and XMLHttpRequest attach session cookies to cross-origin requests regardless of credentials mode

Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials,...

9.3CVSS0.00033EPSS
Exploits0References4
Cvelist
Cvelist
added 24 minutes ago2 views

CVE-2026-49997 SurrealDB: Edge PERMISSIONS FOR delete bypassed when a connected node is deleted

SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Document::purgeedges in surrealdb/core/src/doc/delete.rs automatically removed graph edge records with permissions disabled through opt.clone.withpermsfalse when a connected node was...

5.4CVSS0.00023EPSS
Exploits0References3
Cvelist
Cvelist
added 27 minutes ago2 views

CVE-2026-48799 Postiz: Unauthenticated arbitrary lifetime PRO grant via Nowpayments webhook

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request body, allowing a low-privileged account to grant arbitrary...

7.7CVSS0.00022EPSS
Exploits0References4
Cvelist
Cvelist
added 33 minutes ago3 views

CVE-2026-45804 Diffusers: TOCTOU Trust Remote Code Bypass

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, Diffusers' DiffusionPipeline.frompretrained flow can bypass the trustremotecode guard because download validates modelindex.json and custom pipeline code before later loading from a cached folder that can change, allowin...

7.5CVSS0.00048EPSS
Exploits0References5
Cvelist
Cvelist
added 35 minutes ago2 views

CVE-2026-47703 AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path to a udp:// upstream reduced backend UDP DNS state by producing dnsid=0 or txid=0 and exposed a quoted-port ICMP source-port oracle, weakening DNS response...

6.3CVSS0.00047EPSS
Exploits0References1
Cvelist
Cvelist
added 51 minutes ago5 views

CVE-2026-62685 File Browser: Colliding username normalization gives two users the same home directory

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser builds new user scopes from usernames passed through cleanUsername when Signup=true and CreateUserDir=true, but the many-to-one...

8.1CVSS
Exploits0References3
Cvelist
Cvelist
added 56 minutes ago4 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS
Exploits0References3
Cvelist
Cvelist
added 57 minutes ago4 views

CVE-2026-9007 Reflected XSS in HCL Notes

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in HCL Notes from HCL Software allows reflected Cross-Site Scripting XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of another user. This issue affects...

5.5CVSS
Exploits0References1
Cvelist
Cvelist
added 57 minutes ago5 views

CVE-2026-62683 File Browser: Trailing-slash delete leaves a stale public share behind

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-55242 ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-45150 Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS0.00027EPSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-50147 Metabase: Arbitrary File Read via MySQL Connection Property Injection

Metabase is an open-source business intelligence and embedded analytics tool. From 1.57.0 until 1.57.19.1, 1.58.14.1, 1.59.10, and 1.60.4, an attacker who can configure a Metabase database connection can read arbitrary files from the Metabase server's filesystem by adding unsafe JDBC parameters t...

7.6CVSS0.00037EPSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-50148 Metabase: Remote Code Execution via Snowflake JDBC Driver Arbitrary File Write

Metabase is an open-source business intelligence and embedded analytics tool. From 1.54.0 until 1.54.24, 1.55.24, 1.56.25, 1.57.19, 1.58.14, 1.59.10, and 1.60.4, a Metabase user with permission to add or edit a database connection can achieve remote code execution on the Metabase server by...

10CVSS0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-45805 Penpot: MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask, allowing...

8.8CVSS0.00045EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS0.00083EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-45806 Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in...

7.7CVSS0.00032EPSS
Exploits1References2
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-60005 NGINX ngx_http_slice_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpslicemodule module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-47160 Vaultwarden: Server-side request forgery (SSRF) via Icon Endpoint Decimal/Hex/Octal IP Bypass

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/domain/icon.png endpoint used src/httpclient.rs checks including shouldblockaddress and postresolve that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the...

5.8CVSS0.00048EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-47164 Vaultwarden: SSO Email Auto-Link Can Bind an Existing Local Account to an Attacker-Controlled IdP Identity

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO login flow checked the IdP emailverified claim only for new-user creation and not when SSOSIGNUPSMATCHEMAIL=true linked an IdP identity to an existing local account, allowing an attacker-controlled Id...

7.7CVSS0.00053EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...

6.9CVSS0.00046EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-47158 Vaultwarden: CSRF in SSO Authorization Flow

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO authorization flow did not bind the OAuth state parameter accepted by /connect/authorize to the initiating browser session, allowed attacker-controlled PKCE parameters, and left SsoAuth records intact...

8.3CVSS0.00031EPSS
Exploits0References4
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-46709 Tabby: Drag-and-drop path injection still allows RCE via shell command substitution (incomplete fix for CVE-2026-45038)

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters such as $… and …, so the incomplete CVE-2026-45038 fix for...

7.8CVSS0.00025EPSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-41580 Stirling-PDF: Reflected XSS through crafted PDF metadata fields (Title and Author)

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute...

6.1CVSS0.0006EPSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-61828 nixos/mysql : `services.mysql` is configured with insecure authentication by default when used with `mysql` or `percona-server`

Nixpkgs is a collection of software packages that can be installed with the Nix package manager. Prior to the 25.11 and 26.05 channel fixes, the NixOS module for MySQL services.mysql initializes the MySQL database in a way that allows local users, such as unprivileged web or CGI processes on the...

8.5CVSS
Exploits0References7
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-54560 Cloudreve: OAuth access tokens bypass scope enforcement due to missing client_id claim

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago8 views

CVE-2026-54563 Cloudreve: Path Traversal / Broken Access Control in Cloudreve WebDAV (`/dav`) — scoped DAV credential escapes its configured account root

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-54562 Cloudreve: Non-admin remote download users can SSRF loopback/internal services and read imported responses

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...

6.5CVSS
Exploits0References3
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-33213 Redash: Open redirect vulnerability in post-login redirect handling

Redash is a package for data visualization and sharing. From 5.0.2 to 26.3.0, the getnextpath function in Redash's authentication module stripped the scheme and netloc from user-supplied next parameters but did not normalize multiple leading slashes, allowing a crafted login URL such as...

6.1CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-42533 NGINX Map directive and Regex matching vulnerability

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-52865 NGINX Ingress Controller vulnerability

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-59762 BIG-IP HTTP/2 vulnerability

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-55723 NGINX Ingress Controller vulnerability

When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...

8.7CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-61646 FastGPT: Shared axios SSRF guard validates only the initial URL before following redirects

FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta5, FastGPT's shared SSRF guard validates only the initial request URL before handing the request to axios, and axios follows redirects by default. An authenticated workflow user can configure an HTTP request node to call an...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-61684 FastGPT: Unauthenticated cross-tenant data access via forgeable plugin-invoke JWT (default INVOKE_TOKEN_SECRET='token')

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-62294 Flameshot: OCTOU symlink attack via predictable /tmp path in Flameshot "Open With"

Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and followed symlinks, creating a time-of-check to time-of-use race that allowed a local unprivileged attacker on the same machine to pre-plant a...

5.1CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-61613 Cursor: Cloud Agent Browser Sandbox Escape

Cursor is a code editor built for programming with AI. Prior to the Cloud Agent fix on 03/31/2026, browser-enabled Cursor Cloud Agent sessions allowed attacker-controlled web content to connect from inside the agent container to an unauthenticated local agent endpoint, enabling code execution...

7.7CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-61836 Directus: Authorization-dependent response served from unsegmented cache key

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS
Exploits0References4
Total number of security vulnerabilities366385