Lucene search
+L
VulnrichmentRecent

163619 matches found

vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-46515 Frogman: Multiple read-tier tools expose admin-grade data and arbitrary GraphQL execution

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.3, PERMREAD access was sufficient to call fmlistmanagers, fmlistpinsets, fmshowcontext, fmgetmcpconfig, fmbackupstatus, fmwhoscalling, fmrunsavedquery, and fmdiagnosetrunk, exposing AMI manager secrets, outbound dial PIN...

9.3CVSS6.2AI score
Exploits0References6
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-46514 Frogman: Plaintext passwords and secrets persisted to audit log

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fmresetpassword in Tools/ResetPassword.php:48-53 returned a plaintext password and fmaddextension in Tools/AddExtension.php:172 returned a plaintext secret; Frogman.class.php:2207-2211 used auditOutcome to JSON-encode...

6.5CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-46353 BigBlueButton API checksum bypass via presentationUploadExternalUrl

BigBlueButton is an open-source virtual classroom. Prior to 3.0.21, bbb-web checksum validation could be bypassed when a presentationUploadExternalUrl parameter was supplied to API request handling in CreateMeeting.java and ValidationService.java, allowing a user to send valid requests to some...

8.1CVSS6.1AI score0.00036EPSS
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-46377 Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in Tokenizer.parseCurRune in selector/lexer/tokenize.go increments past a trailing backslash in a quoted string such as "\ or '\ and then reads...

6.2CVSS6.1AI score0.00052EPSS
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-15737 Sensitive content disclosure via OpenTelemetry spans in AgentCore Python SDK

AWS Bedrock AgentCore Python SDK is an open-source Python library that provides client tools for building AI agents on the Amazon Bedrock AgentCore platform. Unintended logging of sensitive user content in the OpenTelemetry instrumentation in AWS Bedrock AgentCore Python SDK versions 1.4.8 and...

5.7CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday6 views

CVE-2026-46687 Emlog Local File Inclusion (LFI)

Emlog is an open source website building system. In 2.6.13 and earlier, the article publishing interface stores a path-traversal template parameter from apicontroller.php without validation, and logcontroller.php later checks fileexists and calls include View::getView$template, allowing an...

7.7CVSS6.2AI score0.00177EPSS
Exploits0References1
vulnrichment
vulnrichment
added yesterday6 views

CVE-2026-46686 Emlog Reflected Cross-Site Scripting

Emlog is an open source website building system. In 2.6.13 and earlier, the admin backend user search module's keyword parameter from admin/user.php is processed with addslashes but not HTML-escaped before being rendered into the value attribute in admin/views/user.php, allowing reflected...

8.5CVSS6AI score0.0003EPSS
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-10590

A potential missing authentication vulnerability could allow a local privileged attacker to use WMI commands to arbitrarily trigger a System Management Interrupt handler...

6.7CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-10589

A potential out of bounds write vulnerability could allow a local privileged attacker to execute code in System Management Mode...

6.8CVSS6.2AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday6 views

CVE-2026-10588

A potential vulnerability could allow a local privileged attacker to disclose the address of protected System Management Mode memory...

6.7CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-10587

A potential out-of-bounds write vulnerability could allow a local privileged attacker to modify power management settings in System Management Mode...

6.8CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-14371

The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...

8.8CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-13104

A potential vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6.3AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-13103

A potential path traversal vulnerability was reported in Lenovo App Store, distributed exclusively in the Chinese market, that could allow a local authenticated user to execute arbitrary code...

7.3CVSS6.3AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-9046

A potential insecure permissions vulnerability was reported in Legion Zone and the Lenovo App Store Windows applications, distributed exclusively in the Chinese market, that when installed on a non‑system partition, could allow a local user to execute arbitrary code...

7.3CVSS6.3AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-6511

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-45576 zrok copy writes attacker-controlled WebDAV paths outside the destination root

zrok is software for sharing web services, files, and network resources. From 0.4.23 until 2.0.3, zrok2 copy stores attacker-controlled WebDAV or zrok drive paths such as /../outside.txt in the source inventory and passes them to FilesystemTarget.WriteStream, allowing the sync pipeline to write...

8.3CVSS6.1AI score0.00061EPSS
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-63088 stoatchat < 0.14.0 SSRF via DNS-based IP Blocklist Bypass

stoatchat before 0.14.0 contains a server-side request forgery SSRF vulnerability that allows unauthenticated network-accessible attackers to bypass the DNS-based IP blocklist by exploiting incomplete address validation in the urlisblacklisted function, which inspects only the first resolved...

8.6CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-45795 Janssen Project: JWE Request Object Signature Verification Bypass in jans-auth-server

The Janssen Project is an open-source identity and access management IAM platform. Prior to 2.0.0, jans-auth-server accepts unsigned JWE request objects because JwtAuthorizationRequest skips inner signature validation when jwe.getSignedJWTPayload returns null, and...

5.3CVSS6.1AI score0.00044EPSS
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-45612 rz-libdemangle: Out of bound read in rust demangler

rz-libdemangle is a Rizin library for demangling symbols. Prior to 6bf56d3, the Rust demangler in src/rust/rustv0.c can perform an out-of-bounds read when the demangler structure is not yet initialized. This issue is fixed in commit 6bf56d3...

5.5CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-55548 Yamcs: Insecure Direct Object Reference (IDOR) in PacketsApi allows unprivileged users to dump all telemetry packets

Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level ReadPacket privileges when a request omitted specific packet names: with an empty name list the...

4.3CVSS6.1AI score
Exploits0References5
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-46621 Yamcs: Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References5
vulnrichment
vulnrichment
added yesterday7 views

CVE-2026-46562 Yamcs: Remote Code Execution via Mission Database algorithm override

Yamcs is a mission control framework. Prior to 5.12.7, the Nashorn ScriptEngine used to evaluate user-supplied JavaScript algorithm text in yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java was constructed without a ClassFilter, so a user with the...

9.8CVSS6.3AI score0.00562EPSS
Exploits0References5
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-44632 Yamcs: Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Yamcs is a mission control framework. Prior to 5.12.7, a server-side code injection vulnerability existed in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory, which dynamically compiled and evaluated user-controlled algorithm text through the Janino...

9.1CVSS6.5AI score0.00473EPSS
Exploits0References5
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-63086 text-generation-inference 3.3.7 SSRF via fetch_image in multimodal chat completions

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-55407 Buffa: Memory Exhaustion Denial of Service in decode_unknown_field via Unbounded Allocation

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decodeunknownfield function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input unknown fields in the serialized protobuf without enforcing an...

6.3CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-55406 Buffa: Use-After-Free in OwnedView via Unsound 'static Lifetime Promotion in Deref

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView type allowed safe Rust code to trigger a use-after-free: the OwnedView::decode constructor transmuted a borrowed slice to &'static u8, and the Deref...

5.9CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used

Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...

9.8CVSS6.1AI score0.00109EPSS
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-55440 Microsoft UFO: COMMAND_RESULTS handler creates unowned sessions, allowing authenticated session-squatting denial of service

Microsoft UFO open-source framework for intelligent automation across devices and platforms. Prior to 3.0.7, the COMMANDRESULTS handler in ufo/server/ws/handler.py called getorcreatesession in ufo/server/services/sessionmanager.py without ownerclientid, allowing an authenticated client to create ...

6.5CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday6 views

CVE-2026-63082 Perfect Support Ticketing System 1.7 Broken Access Control via Agent Assignment

Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can a...

5.4CVSS6.1AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-12379 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Dashboard OAuth/OIDC implementation of Axivion

An Open Redirect vulnerability CWE-601 exists in the OAuth/OIDC authentication implementation of the Axivion Dashboard. The login flow did not properly restrict the post-authentication redirect to the application's own origin, so a user who follows a crafted login link can be sent to an untrusted...

6.8CVSS6AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-54568 Microsoft UFO: Missing Authorization in DEVICE_INFO_REQUEST Allows a DEVICE Client to Read Another Device's system_info

Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICEINFOREQUEST with another device's targetid and receive that device's server-side systeminfo through...

4.3CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-57206 SimpleChat plugin validation endpoints missing authentication and authorization

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.206, several plugin validation routes in application/singleapp/pluginvalidationendpoint.py, including POST /api/admin/plugins/test-instantiation, GET...

8.6CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-57205 SimpleChat: Authenticated users can access other users' profile metadata through user IDOR endpoints

SimpleChat is a secure AI conversation application with personal and group workspaces for document-grounded interactions. Prior to 0.241.203, the authenticated GET /api/user/info/ and GET /api/user/profile-image/ endpoints in application/singleapp/routebackendusers.py accepted a caller-supplied...

4.3CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-54733 moodle-local_o365: Authentication bypass via unverified JWT signature in Teams SSO endpoint

The Microsoft 365 and Microsoft Entra ID Plugins for Moodle provide Office 365 and Azure Active Directory integration for Moodle. Prior to 4.5.6, 5.0.5, and 5.1.1, the Microsoft Office 365 Integration plugin localo365 Teams SSO endpoint ssologin.php base64-decodes a JWT payload and authenticates...

9.3CVSS6.1AI score
Exploits0References7
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-59867 Kiota: Generation-time SSRF + remote/local file inclusion via unrestricted $ref

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota resolved OpenAPI $ref values by fetching remote https URLs and reading local absolute or out-of-tree file paths, allowing kiota generate on an attacker-controlled or attacker-influenced description to perform build-time...

7.1CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday6 views

CVE-2026-59864 Kiota: Path/URL injection into generated Copilot plugin manifest via x-ai-* extensions

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, kiota plugin add and kiota plugin generate with -t APIPlugin emitted attacker-controlled statictemplate.file values from x-ai-adaptive-card and x-ai-capabilities into generated Microsoft 365 Copilot and Teams plugin manifests...

9.3CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-14890 CVE-2026-14890

SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when...

6.5AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-59863 Kiota: Workspace-config poisoning: out-of-repo file write + generation-time SSRF

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.5, Kiota honored a poisoned .kiota/workspace.json workspace configuration without validating per-client or per-plugin outputPath values during kiota client generate and kiota plugin generate, allowing a malicious repository or pu...

7CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-59862 Kiota: Code Generation Literal Injection in the Python Generator

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Python generator let attacker-controlled enum value descriptions from x-ms-enum.values.description flow through KiotaBuilder.SetEnumOptions into Documentation.DescriptionTemplate and...

7.5CVSS6.2AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday4 views

CVE-2026-59861 Kiota: Code Generation Literal Injection in Kiota Ruby Generator

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.0, Kiota's Ruby generator embedded OpenAPI default fields, property names, and other schema-derived strings through CodeMethodWriter.cs and SanitizeForQuotedLiteral in Writers/StringExtensions.cs into Ruby double-quoted literals...

7.5CVSS6.2AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-59237 IDOR in Prospero Flow CRM Order API allows cross-tenant read and modification of orders

Authorization Bypass Through User-Controlled Key CWE-639 in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify, and delete orders and order items belonging to any other company tenant via a sequential numeric i...

6.9CVSS6.1AI score
Exploits0References3
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-59860 Kiota: XML Doc-Comment Newline Breakout Code Injection

Kiota is an OpenAPI based HTTP Client code generator. Prior to 1.32.3, Kiota is affected by a code-generation injection vulnerability in the C XML documentation-comment sink the description, externalDocs label, and externalDocs link fields emitted as /// … comments. When text from an OpenAPI...

8.7CVSS6.1AI score
Exploits0References4
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-14254 Improper Restriction of Excessive Authentication Attempts in Delphix Continuous Data

A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force...

8.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-5674 Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-56456 HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability.

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday7 views

CVE-2026-56455 HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS).

HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service DoS. The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become...

5.3CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-56454 HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1.

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

5.9CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-56453 HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability.

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS6.1AI score
Exploits0References1
vulnrichment
vulnrichment
added yesterday5 views

CVE-2026-35145 HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability.

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities163619