Lucene search
K
VulnrichmentRecent

163182 matches found

Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-58559

DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago5 views

CVE-2026-58558

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-58556

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability...

5.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-15779 Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2 hours ago5 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2 hours ago4 views

CVE-2026-58557

Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability...

4.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58554

Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

6.6CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58555

Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability...

6.6CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58553

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS6.1AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-58552

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-58551

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

5.1CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-58550

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-58549

Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

4CVSS
Exploits0References4
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-61872 ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...

2.5CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-61871 ImageMagick before 7.1.2-26 Memory Leak in ICON decoder

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago1 views

CVE-2026-61868 ImageMagick before 7.1.2-26 Memory Leak in YUV Decoder

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61867 ImageMagick before 7.1.2-26 Memory Leak in TIFF Encoder

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service...

2.9CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61865 ImageMagick before 7.1.2-26 Memory Leak in Hough Lines

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the hough lines operation: when a specific operation fails, a small memory leak occurs...

2.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61864 ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61860 ImageMagick before 7.1.2-26 Use-After-Free via freetype

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...

6.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago1 views

CVE-2026-61464 ImageMagick before 7.1.2-26 Heap Buffer Over-Write via X11

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a heap-based buffer over-write vulnerability that occurs when running an X11 import with a crafted window title, which can result in heap memory corruption and denial of service...

1.8CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61457 Grav before 1.0.3 Remote Code Execution via File Upload Extension Bypass

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 contains a file upload extension bypass in the API media controller. HandlesMediaUploads::validateFileExtension inspects only the final file extension via pathinfo$filename, PATHINFOEXTENSION, so a user with api.media.write permission can...

8.8CVSS6.3AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61452 Grav before 2.0.4 Improper Session Invalidation JWT Access Tokens

The Grav API plugin getgrav/grav-plugin-api before 2.0.4 contains an improper session invalidation vulnerability where JWT access tokens are issued without a jti JWT ID claim and therefore cannot be revoked server-side. Unlike refresh tokens, access tokens remain valid for their full lifetime...

6.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago1 views

CVE-2026-61446 PraisonAI before 1.6.78 Remote Code Execution via Plugin Auto-Discovery

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61443 PraisonAI before 1.6.78 Remote Code Execution via SkillTools

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.runskillscript that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended...

8.6CVSS6.6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-61438 PraisonAI before 4.6.78 Remote Code Execution via Broken AST Sandbox

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...

7.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61436 PraisonAI before 4.6.78 Missing Webhook Signature Verification

PraisonAI before 4.6.78 fails to verify Svix webhook signatures in AgentMail webhook mode, allowing unauthenticated attackers to forge message.received events. Attackers can send crafted JSON payloads to the webhook endpoint to invoke configured agents with arbitrary sender addresses and message...

8.8CVSS6.2AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-61430 PraisonAI before 1.6.78 DNS Rebinding SSRF via web_crawl

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-61433 PraisonAI before 4.6.78 Code Injection via API deployment generator

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS6.3AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-60087 PraisonAI before 1.6.78 Tool Approval Cache Bypass

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with...

6.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-58655 Grav Flex Objects - Server-Side Template Injection via Dynamic Titles

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-59254 n8n - External Secrets Disclosure via Workflow Node Expressions

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-56764 Hono - Timing Attack in basicAuth and bearerAuth Middleware

Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing...

6.3CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-56375 ImageMagick - Memory Leak in ASHLAR Coder Action Failure

ImageMagick through 7.1.2-18 contains a memory leak vulnerability in the ASHLAR coder when an action fails. Attackers can trigger failed actions to exhaust memory resources and cause denial of service...

4.8CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago2 views

CVE-2026-56352 n8n - Arbitrary File Read and Execution via ExecuteWorkflow localFile Parameter

n8n before 2.19.3 contains a file path restriction bypass in the legacy ExecuteWorkflow node's localFile source option, which reads workflow files from disk without the file-access checks enforced by other file-reading nodes. Although hidden from the UI since v1.2, it remains reachable via the RE...

6.4CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-56349 n8n - Guardrail Node Bypass via Crafted Input

n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...

6.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-59236 Authorization bypass in Prospero Flow CRM Excel import allows cross-tenant record injection

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-59235 Missing authorization in Prospero Flow CRM allows low-privileged users to read all bank accounts

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-57821 Apache Fineract: Office list: SQL Injection via Subquery in orderBy

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 6 hours ago1 views

CVE-2026-35152 Apache Fineract: SQL injection in runreports endpoint

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

Exploits0References3
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-58077 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago1 views

CVE-2026-57832 Joomla Extension - joomdonation.com - Unauthenticated blind SQL injection in EDocman < 3.9

The Joomla extension EDocman is vulnerable to an unauthenticated SQL injection...

8.7CVSS
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 7 hours ago3 views

CVE-2026-15804 MetaGuru|HCM - SQL Injection

The HCM developed by MetaGuru has a SQL Injection vulnerability. Authenticated remote attackers can inject SQL commands via specific parameters, thereby compromising the confidentiality, integrity, and availability of database data...

8.8CVSS6.2AI score
Exploits0References2
Total number of security vulnerabilities163182