Lucene search
K
VulnrichmentRecent

161659 matches found

Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-61460 Krayin CRM Insecure Direct Object Reference via Controllers

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-61461 Dify < 1.16.0-rc1 SQL Injection via MyScale Vector Store search_by_full_text

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the searchbyfulltext method without escaping or parameterization. Attackers can inject malicious SQL throu...

8.8CVSS6.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-5801 SQLi in Semtek Informatics' SEM-PMP

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...

9.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 1 hour ago2 views

CVE-2026-53448 Coturn: SQL Injection in HTTPS Admin Panel Delete Operations

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn HTTPS admin panel passes HTTP query parameters directly into SQL queries via snprintf string interpolation without sanitization. The issecurestring filter that protects the STUN protocol path is not...

7.2CVSS6.2AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-2397 SQLi in AdamPOS' MobilMen 20T

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows SQL Injection. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not...

9.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-56665 ZITADEL: Missing Token Expiration (`exp`) Validation in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-2398 IDOR in AdamPOS' MobilMen 20T

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-55669 ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-3251 XSS in Webremium's Mezunum Satiyorum

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Webremium Istanbul Web Design Mezunum Satiyorum allows Stored XSS. This issue affects Mezunum Satiyorum: from 1.2.504 through 10072026. NOTE: The vendor was contacted early about this disclosure bu...

6.4CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS6.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-59193 Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago2 views

CVE-2026-1667 SEO Plugin by Squirrly SEO <= 14.0.0 - Unauthenticated Arbitrary Post Creation and Stored Cross-Site Scripting via savePost()

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and Stored Cross-Site Scripting in all versions up to, and including, 14.0.0 due to a leak of an API token and insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

7.2CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS6.3AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 3 hours ago4 views

CVE-2026-15377 Eleveo Call Recording Software sendlogfile improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

5.3CVSS5.9AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-54919 cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS6.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-59180 Apprise forwards configured auth headers across cross-origin HTTP redirects

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. Prior to 1.11.0, Apprise HTTP-based notification plugins and HTTP attachment and config loaders in apprise/attachment/http.py and apprise/config/http.py...

3.1CVSS6.1AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-54063 Excelize: Unbounded Row Index Allocation in Worksheet Parser (checkSheet OOM/Panic DoS)

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the checkSheet function in github.com/xuri/excelize/v2 uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Exc...

7.5CVSS6.1AI score0.0007EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-56675 9router: Reverse proxy locality collapse allows unauthenticated access to 9router /v1 APIs

9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows /v1/ access without an API key, so a same-host reverse proxy that forwards public traffic to the backend through 127.0.0.1 causes src/dashboardGuard.js to misclassify external requests as...

8.3CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-55638 9router: Unauthenticated LLM proxy access via /codex rewrite authorization bypass

9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta in src/dashboardGuard.js but omits /codex before next.config.mjs rewrites /codex/ to /api/v1/responses. A remote unauthenticated attacker can send requests to /codex/ to bypass the API-k...

8.6CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-55641 9router: Unauthenticated `/v1` proxy access via `Host`-header spoofing → open AI relay + SSRF

9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...

8.2CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago4 views

CVE-2026-55500 9router: Exposure of Sensitive Information and Unprotected Database Import/Export Allows Complete Credential Theft and Database Takeover

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED...

9.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago5 views

CVE-2026-15143 Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xml schema (xml-with-schema:)

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-55501 9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/loginLimiter.js derives the client identity from the attacker-controlled X-Forwarded-For HTTP header, and src/app/api/auth/login/route.js uses that spoofable value for checkLock and recordFail...

7.3CVSS6.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-8595 Stored XSS in the table panel (TableNG)

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-8609 Pre-authentication denial of service via the OAuth login route

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

5.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-15373 Eleveo Call Recording Software userAddAction.do improper authorization

A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It is possible to initiate the attack remotely. The exploit is...

6.5CVSS6.5AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-61492

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible...

3.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59796

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...

8.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59795

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible...

8.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59794

In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data...

7.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59793

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration...

8.8CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59792

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible...

9.6CVSS6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score
Exploits1References2
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-61455 Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archive that expands to fill available disk space, causing denial of service by exhausting storage...

7.1CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-61431 PraisonAI before 4.6.78 Path Traversal via ContextGatherer

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute paths or parent directory traversal sequences to read arbitrary files outside the workspace and inclu...

6.8CVSS6.2AI score
Exploits0References3
Total number of security vulnerabilities161659