Lucene search
K

363761 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-48529

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

6CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-45406

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-45407

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5.5CVSS0.00089EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.8 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-45405

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

5.3CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.0017EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-13434

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 5:16 p.m.11 views

CVE-2025-32394

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the...

5.3CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2025-32423

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in ExtractTextInformationBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content,...

5.3CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS0.00342EPSS
Exploits1References4
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS0.00389EPSS
Exploits1References3
NVD
NVD
added 2026/06/26 4:16 p.m.7 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS0.00551EPSS
Exploits1References3
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-44018

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

7.1CVSS0.00113EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2026-12411

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

9.6CVSS0.00209EPSS
Exploits1References2
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2026-45195

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

7.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.12 views

CVE-2026-21734

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-0685

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS0.00726EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-0828

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes...

7.5CVSS0.00461EPSS
Exploits2References2
NVD
NVD
added 2026/06/26 4:16 p.m.12 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS0.004EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-9699

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57662

Contributor SQL Injection in Contest Gallery = 30.0.0 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57663

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57665

Unauthenticated Insecure Direct Object References IDOR in GravityView = 3.0.0 versions...

5.3CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57661

Subscriber Broken Access Control in WPComplete = 2.9.5.5 versions...

5.4CVSS0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57664

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder = 1.1.6 versions...

4.3CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57660

Unauthenticated Broken Access Control in Booking and Rental Manager = 2.7.1 versions...

5.3CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57667

Sales Representative SQL Injection in Groundhogg = 4.5 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57659

Unauthenticated Cross Site Request Forgery CSRF in Paid Memberships Pro - Add Member From Admin = 0.7.2 versions...

8.8CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57651

Contributor Cross Site Scripting XSS in Ghost Kit = 3.6.0 versions...

6.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57656

Author Cross Site Scripting XSS in Hester Core = 1.1.8 versions...

5.9CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57657

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57658

Administrator Arbitrary File Upload in TemplateSpare = 4.2.0 versions...

9.1CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.10 views

CVE-2026-57655

Unauthenticated Cross Site Request Forgery CSRF in Child Theme Wizard = 1.4 versions...

8.2CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57653

Contributor SQL Injection in WP Job Portal = 2.5.2 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57652

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57654

Affiliate Broken Access Control in Affiliates Manager = 2.9.49 versions...

6.5CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57647

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer = 1.6.1 versions...

7.5CVSS0.00259EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-57650

Contributor Cross Site Scripting XSS in Magazine Blocks = 1.8.3 versions...

6.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57646

Subscriber Insecure Direct Object References IDOR in Majestic Support = 1.1.7 versions...

5.4CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57644

Contributor SQL Injection in Restaurant Menu by MotoPress = 2.4.10 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57645

newsletterssubscribers Broken Access Control in Newsletters = 4.13 versions...

8.1CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57649

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57648

Contributor Broken Access Control in Nelio Content = 4.3.4 versions...

4.3CVSS0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57641

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

6.5CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57643

Contributor SQL Injection in WP Post Author = 3.9.1 versions...

8.5CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-57636

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

8.5CVSS0.00211EPSS
Exploits0References1
Total number of security vulnerabilities363761