Lucene search
+L
VulnrichmentRecent

163587 matches found

vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-46687 Emlog Local File Inclusion (LFI)

Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from apicontroller.php without validation, and logcontroller.php later checks fileexists and calls include View::getView$template, allowing an...

7.7CVSS0.00177EPSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-46686 Emlog Reflected Cross-Site Scripting

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS0.0003EPSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-10590

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler...

6.7CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-10589

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode...

6.8CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-10588

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory...

6.7CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-10587

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode...

6.8CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-14371

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-13104

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-13103

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...

7.3CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-9046

A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...

7.3CVSS
Exploits0References1
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-6511

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS
Exploits0References2
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-45576 zrok copy writes attacker-controlled WebDAV paths outside the destination root

zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...

8.3CVSS0.00061EPSS
Exploits0References3
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-63088 stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS
Exploits0References4
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-45795 Janssen Project: JWE Request Object Signature Verification Bypass in jans-auth-server

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS0.00044EPSS
Exploits0References4
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-45612 rz-libdemangle: Out of bound read in rust demangler

rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rustv0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3...

5.5CVSS
Exploits0References3
vulnrichment
vulnrichment
added 2 hours ago2 views

CVE-2026-46621 Yamcs: Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS0.00473EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2 hours ago4 views

CVE-2026-46562 Yamcs: Remote Code Execution via Mission Database algorithm override

Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java was constructed without a ClassFilter, so a user with the...

9.8CVSS0.00562EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2 hours ago2 views

CVE-2026-44632 Yamcs: Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory, which dynamically compiled and evaluated user-controlled algorithm text through the Janino...

9.1CVSS6.5AI score0.00473EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2 hours ago1 views

CVE-2026-63086 text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS
Exploits0References2
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-55406 Buffa: Use-After-Free in OwnedView via Unsound 'static Lifetime Promotion in Deref

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView type allowed safe Rust code to trigger a use-after-free: the OwnedView::decode constructor transmuted a borrowed slice to &'static u8, and the Deref...

5.9CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added 2 hours ago2 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS0.00109EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-55440 Microsoft UFO: COMMAND_RESULTS handler creates unowned sessions, allowing authenticated session-squatting denial of service

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMANDRESULTS handler in ufo/server/ws/handler.py called getorcreatesession in ufo/server/services/sessionmanager.py without ownerclientid, allowing an authenticated client to create ...

6.5CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 2 hours ago4 views

CVE-2026-63082 Perfect Support Ticketing System 1.7 Broken Access Control via Agent Assignment

Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can a...

5.4CVSS6.1AI score
Exploits0References2
vulnrichment
vulnrichment
added 2 hours ago3 views

CVE-2026-12379 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Dashboard OAuth/OIDC implementation of Axivion

An Open Redirect vulnerability CWE-601 exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted...

6.8CVSS6AI score
Exploits0References1
vulnrichment
vulnrichment
added 2 hours ago2 views

CVE-2026-54568 Microsoft UFO: Missing Authorization in DEVICE_INFO_REQUEST Allows a DEVICE Client to Read Another Device's system_info

Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICEINFOREQUEST with another device's targetid and receive that device's server-side systeminfo through...

4.3CVSS
Exploits0References3
vulnrichment
vulnrichment
added 3 hours ago2 views

CVE-2026-57205 SimpleChat: Authenticated users can access other users' profile metadata through user IDOR endpoints

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/ and GET /api/user/profile-image/ endpoints in application/singleapp/routebackendusers.py accepted a caller-supplied...

4.3CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 3 hours ago2 views

CVE-2026-54733 moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin localo365 Teams SSO endpoint ssologin.php base64-decodes a JWT payload and authenticates...

9.3CVSS6.1AI score
Exploits0References7
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-59867 Kiota: Generation-time SSRF + remote/local file inclusion via unrestricted $ref

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote https URLs and reading local absolute or out-of-tree file paths, allowing kiota generate on an attacker-controlled or attacker-influenced description to perform build-time...

7.1CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added 3 hours ago4 views

CVE-2026-59864 Kiota: Path/URL injection into generated Copilot plugin manifest via x-ai-* extensions

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota plugin add and kiota plugin generate with -t APIPlugin emitted attacker-controlled statictemplate.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests...

9.3CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-59863 Kiota: Workspace-config poisoning: out-of-repo file write + generation-time SSRF

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pu...

7CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added 3 hours ago2 views

CVE-2026-59861 Kiota: Code Generation Literal Injection in Kiota Ruby Generator

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral in Writers/StringExtensions.cs into Ruby double-quoted literals...

7.5CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-59237 IDOR in Prospero Flow CRM Order API allows cross-tenant read and modification of orders

Authorization Bypass Through User-Controlled Key CWE-639 in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify, and delete orders and order items belonging to any other company tenant via a sequential numeric i...

6.9CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 3 hours ago3 views

CVE-2026-59860 Kiota: XML Doc-Comment Newline Breakout Code Injection

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C XML documentation-comment sink the description, externalDocs label, and externalDocs link fields emitted as /// … comments. When text from an OpenAPI...

8.7CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added 4 hours ago3 views

CVE-2026-14254 Improper Restriction of Excessive Authentication Attempts in Delphix Continuous Data

A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force...

8.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-5674 Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-56456 HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability.

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago5 views

CVE-2026-56455 HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS).

HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service DoS. The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-56454 HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1.

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

5.9CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-56453 HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability.

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago4 views

CVE-2026-35145 HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability.

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35143 HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability.

HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery CSRF attacks if additional mitigations,...

3CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35142 HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability.

HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal...

2.6CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35141 HCL DFXAnalytics is affected by a Login Replay Attack vulnerability

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include...

2.6CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 5 hours ago3 views

CVE-2026-35140 HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive...

3CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added 6 hours ago3 views

CVE-2026-63306 stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and rea...

9.2CVSS6.2AI score
Exploits0References2
vulnrichment
vulnrichment
added 6 hours ago2 views

CVE-2026-63304 AVideo through 29.0 OS Command Injection via listFFmpegProcesses

AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can brea...

9.2CVSS
Exploits0References2
vulnrichment
vulnrichment
added 6 hours ago2 views

CVE-2025-71388 stoatchat 20241213-1 Webhook Token Disclosure via Read Permissions

stoatchat delta/Revolt versions from 20241213-1 before 20250210-1 allow users with only ViewChannel read permission on a channel to fetch that channel's webhooks, including their tokens, because the webhook fetch endpoint checked for ViewChannel instead of ManageWebhooks. Using a retrieved token,...

7.6CVSS6.2AI score
Exploits0References3
vulnrichment
vulnrichment
added 6 hours ago5 views

CVE-2025-71377 stoatchat before 20250210-1 Unrestricted Message History Fetch

stoatchat delta versions before 20250210-1 0.8.2 contain a logic error in the query messages route. When fetching messages 'nearby' another message, the database query can be given a message limit of zero, which the database interprets as 'no limit'. A remote unauthenticated attacker can craft...

8.7CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added 6 hours ago2 views

CVE-2026-12391 ubuntu-pro-client Local Privilege Escalation and Information Disclosure via Symlink Arbitrary File Read in collect-logs

An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...

5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added 6 hours ago4 views

CVE-2026-11386 ubuntu-pro-client Input Validation Vulnerability Leading to Arbitrary APT Directive Injection and Remote Code Execution

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References1
Total number of security vulnerabilities163587