Lucene search
K
VulnrichmentRecent

161701 matches found

Vulnrichment
Vulnrichment
added 2026/06/18 6:0 p.m.11 views

CVE-2026-55392 NILFS utilities - Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.3AI score0.00105EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:53 p.m.11 views

CVE-2026-9692 Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

5.3AI score0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 5:33 p.m.9 views

CVE-2026-54390 JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive...

9.8CVSS6.2AI score0.00333EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/18 5:30 p.m.9 views

CVE-2026-48985 pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal can cause a NULL dereference crash when parsing loginctl output. The function calls popen and reads the result; if the Remote field is only a newline, fgets succeeds...

5.5CVSS5.3AI score0.00113EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:20 p.m.7 views

CVE-2026-48986 pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication

pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...

4.7CVSS5.7AI score0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 5:6 p.m.9 views

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS5.5AI score0.00109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:25 p.m.8 views

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/18 4:22 p.m.9 views

CVE-2026-11982 Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting XSS vulnerability in the Admin2 Pages API save flow...

5.1CVSS4.8AI score0.00299EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:21 p.m.12 views

CVE-2026-55237 AutoGPT SignUp Page has DOM-Based XSS and Open Redirect

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting XSS vulnerability in AutoGPT's signup page. The application improperly trusts a URL parameter next, which is...

8.8CVSS5.5AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:21 p.m.11 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:20 p.m.8 views

CVE-2025-32437 AutoGPT has a DoS vulnerability in MediaDurationBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:18 p.m.4 views

CVE-2025-32436 AutoGPT has a DoS vulnerability in AddAudioToVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:14 p.m.8 views

CVE-2025-32424 AutoGPT has a DoS vulnerability in ScreenshotWebPageBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. StepThroughItemsBlock can be used to iterate ScreenshotWebPageBlock...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:13 p.m.3 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1CVSS5.9AI score0.00289EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:13 p.m.3 views

CVE-2026-54105 U.S. GAO EPDS and CBCA EDS user information disclosure

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS expose sensitive account information through the 'update-profile/' API endpoint. A remote, unauthenticated attacker can submit a reque...

6.9CVSS6AI score0.003EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.5 views

CVE-2026-54104 U.S. GAO EPDS and CBCA EDS client-based privilege escalation

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS trusts client-provided values for the 'epdsroleid' parameter without verification, allowing a remote, authenticated attacker to escala...

8.8CVSS5.9AI score0.004EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.8 views

CVE-2025-32422 AutoGPT has a DoS vulnerability in FileStoreBlock with StepThroughItemsBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, StepThroughItemsBlock can iterate all the contents in a list and send them to FileStoreBlock for downloading one by one. Although FileStoreBlock has access...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.5 views

CVE-2026-54103 U.S. GAO EPDS and CBCA EDS unauthenticated password change

The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could chang...

9.8CVSS6AI score0.00427EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:12 p.m.4 views

CVE-2026-56020 Webmin HTTP header authentication bypass

The Webmin HTTP server miniserv.pl allows unauthenticated attackers to impersonate any user with a configured SSL client certificate by sending a forged HTTP header. A remote attacker can spoof certificate DNs and authenticate as any user. Fixed in 2.641...

9.2CVSS6AI score0.00285EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:11 p.m.3 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.9AI score0.0028EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:11 p.m.3 views

CVE-2026-56022 Webmin MFA bypass

Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 4:8 p.m.8 views

CVE-2025-32392 AutoGPT has a DoS vulnerability in LoopVideoBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or extending the time, and finally writing it t...

8.7CVSS5.3AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 4:5 p.m.10 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 4:5 p.m.3 views

CVE-2026-55203 HAProxy - Integer Overflow in FCGI Demux Record Length Field

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9CVSS6.1AI score0.00321EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 3:49 p.m.10 views

CVE-2026-55205 Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...

6.9CVSS5.3AI score0.00301EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/18 3:27 p.m.10 views

CVE-2026-56024 WordPress WP EasyPay plugin <= 4.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/a through 4.5.0...

6.5CVSS5.8AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:44 p.m.11 views

CVE-2026-11791 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 2:35 p.m.10 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:32 p.m.12 views

CVE-2026-22551

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

6.7CVSS5.5AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:31 p.m.8 views

CVE-2025-58175 GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. This vulnerability requires that GeoServer i...

6.5CVSS5.3AI score0.00287EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 2:28 p.m.8 views

CVE-2025-52465 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

7.2CVSS5.4AI score0.00353EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 2:26 p.m.11 views

CVE-2026-46580

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

8.4CVSS5.6AI score0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:23 p.m.8 views

CVE-2025-27511 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...

7.2CVSS5.5AI score0.00582EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 2:22 p.m.11 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.4CVSS5.7AI score0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:13 p.m.10 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.3AI score0.00246EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/18 2:10 p.m.10 views

CVE-2026-9158

In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling pointer. This allows subsequent commands to access freed memory use-after-free...

7.2CVSS5.3AI score0.00304EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 2:2 p.m.10 views

CVE-2026-56012 WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.6AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 1:55 p.m.11 views

CVE-2026-12527

A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFHE1V1.0.6.020230803 enables unauthenticated network actors to bypass the device’s credential-enforced live-view workflow and directly retrieve real-tim...

6CVSS5.2AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 1:51 p.m.11 views

CVE-2026-12539 Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7CVSS5.4AI score0.00097EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 1:48 p.m.11 views

CVE-2026-12039 Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution

Docker Sandboxes sbx enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwards any queried name to the host resolver whenever the network is internet-connected, without consulting the policy. A workload inside a sandbox, which t...

5.7CVSS5.2AI score0.00103EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 1:47 p.m.10 views

CVE-2026-42488 x86: mismatched mapcache metadata

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

5.3AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 1:47 p.m.13 views

CVE-2026-42489 domctl lock open to abuse

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

5.2AI score0.00078EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 1:47 p.m.10 views

CVE-2026-42490 domctl lock open to abuse

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

5.2AI score0.002EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 1:46 p.m.11 views

CVE-2026-42487 x86 HVM I/O port list traversal

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

5.2AI score0.00095EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.10 views

CVE-2026-54224 Denial of Service in UBB.threads

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.13 views

CVE-2026-54223 Remote Code Execution via arbitrary file read and write in UBB.threads

UBB.threads is vulnerable to Path traversal, allowing attackers with privilege to edit templates to read and write any file on the application’s server that application has privileges to, what results in Remote Code Execution. Because vendor contact attempts were unsuccessful, the vulnerability...

8.6CVSS5.5AI score0.00628EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.10 views

CVE-2026-54222 Blind SQL Injection in UBB.threads

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6CVSS5.7AI score0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.11 views

CVE-2026-54221 Reflected XSS in UBB.threads

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...

5.1CVSS5.9AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.11 views

CVE-2026-54220 Cross-Site Request Forgery in UBB.threads

uBB.threads is vulnerable to a Cross-Site Request Forgery CSRF due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version...

8.6CVSS5.3AI score0.00187EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/18 12:56 p.m.10 views

CVE-2026-54219 Stored XSS in UBB.threads

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS5.4AI score0.00293EPSS
Exploits0References2
Total number of security vulnerabilities161701