Lucene search
K

364744 matches found

NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47175

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to mention everyone can...

2.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47173

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticket with a reason containing @everyone, @here, user mentions, or role mentions. When the ticket is created, the bot posts the attacker-controlled reason...

6.3CVSS0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-47176

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can...

5.7CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2026-47169

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, can configure the bot’s AutoRole feature to assign an arbitrary role to new members. If the select...

7.5CVSS0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.16 views

CVE-2026-47163

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...

7.2CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47170

Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port...

7.7CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.40 views

CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS0.00219EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-47167

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...

5.3CVSS0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-46519

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS0.00376EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2026-45178

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS0.00361EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-45176

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific circumstances, this coul...

8.9CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2026-45177

Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submitting a specially crafted request. Under specific circumstances, this could allow the attacker to...

9.1CVSS0.00503EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2026-11774

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS0.0067EPSS
Exploits0References20
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2025-46315

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data...

7.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2025-46293

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

5.5CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.9 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.3CVSS0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 7:16 p.m.14 views

CVE-2025-46313

A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...

5.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.8 views

CVE-2025-43278

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data...

5.5CVSS0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2025-43339

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data...

5.5CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2025-30431

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information...

5.5CVSS0.00127EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2025-30459

A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2025-24284

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox...

8.8CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2025-31272

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges...

7.8CVSS0.00115EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.11 views

CVE-2025-24165

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination...

5.5CVSS0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-47157

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS0.00195EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 6:16 p.m.14 views

CVE-2026-48546

KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext sandbox context in the issue-auto-respond.yml workflow. Attackers can submit a pull...

8.5CVSS0.00487EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wpajaxnoprivftfgetsiteinfo includes/SiteInfo.php that verified a nonce ftf-fediverse-embeds-nonce and then called filegethtml$siteurl on the...

5.3CVSS0.00229EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.25 views

CVE-2026-49261

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS0.00998EPSS
Exploits0References12
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.15 views

CVE-2026-46697

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy includes/MediaProxy.php with permissioncallback = returntrue that accepted a base64-encoded URL and forwarded it to wpremoteget$url without...

7.5CVSS0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-3329

A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints...

8.7CVSS0.00503EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 5:16 p.m.30 views

CVE-2026-49982

tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'....

8.2CVSS0.00496EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44490

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

8.2CVSS0.00287EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7CVSS0.00354EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.19 views

CVE-2026-44492

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

8.6CVSS0.00921EPSS
Exploits1References27
NVD
NVD
added 2026/06/11 5:16 p.m.13 views

CVE-2026-44495

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS0.00495EPSS
Exploits0References28
NVD
NVD
added 2026/06/11 5:16 p.m.17 views

CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS0.01041EPSS
Exploits1References31
NVD
NVD
added 2026/06/11 5:16 p.m.18 views

CVE-2026-44496

Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...

7.5CVSS0.00645EPSS
Exploits1References28
NVD
NVD
added 2026/06/11 5:16 p.m.15 views

CVE-2026-44489

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are still constructed as plain with Object.prototype in their chain. The setProxy function at lib/adapters/http.js:209-223 reads proxy.username,...

5.3CVSS0.00228EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.13 views

CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS0.00552EPSS
Exploits1References25
NVD
NVD
added 2026/06/11 5:16 p.m.15 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS0.0063EPSS
Exploits1References29
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS0.00689EPSS
Exploits1References29
NVD
NVD
added 2026/06/11 5:16 p.m.17 views

CVE-2026-11945

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

7.5CVSS0.00247EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 4:16 p.m.53 views

CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

9.1CVSS0.00223EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 4:16 p.m.19 views

CVE-2026-7870

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 4:16 p.m.15 views

CVE-2026-7787

IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 4:16 p.m.16 views

CVE-2026-4096

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

6.5CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 4:16 p.m.19 views

CVE-2026-53777

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifactname field of ArtifactReady WebSocket messages. Attackers controlli...

8.6CVSS0.00379EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 4:16 p.m.14 views

CVE-2026-3341

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.4CVSS0.00138EPSS
Exploits0References1
Total number of security vulnerabilities364744