Lucene search
K
VulnrichmentRecent

161712 matches found

Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.18 views

CVE-2026-11357 Kadence Blocks <= 3.7.5 - Authenticated (Contributor+) Sensitive Information Exposure via Block Editor proData Localization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.7.5 via the editorassetsvariables. This makes it possible for authenticated attackers, with contributor-level access and abov...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.9 views

CVE-2026-11776 Form Maker by 10Web <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection via 'groupids' Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.12 views

CVE-2026-10029 Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.13.1 via the getevents. This makes it possible for unauthenticated attackers to extract sensitive data including...

5.3CVSS5.1AI score0.0031EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.11 views

CVE-2026-11777 Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.8AI score0.00355EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.10 views

CVE-2026-12120 FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'formid' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of a...

5.3CVSS5.4AI score0.00331EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.9 views

CVE-2026-9860 Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter parameter. This is due to insufficient privilege enforcement on the cfimagesdosetup AJAX handler, which require...

8.8CVSS5.9AI score0.00577EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/18 4:31 a.m.11 views

CVE-2026-9199 Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/18 3:41 a.m.11 views

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS5.3AI score0.00387EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/18 3:41 a.m.12 views

CVE-2026-10023 Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.3 via the changeorderstatus, addordernote, deleteordernote,...

4.3CVSS5.6AI score0.0025EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 12:11 a.m.14 views

CVE-2026-12569 Remote Code Execution (RCE) vulnerability in Windchill PDMlink

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.3CVSS6.3AI score0.01247EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:0 a.m.10 views

CVE-2026-38717

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.8AI score0.01316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:0 a.m.10 views

CVE-2026-38714

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:0 a.m.9 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:0 a.m.9 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

5.9AI score0.01316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/18 12:0 a.m.10 views

CVE-2026-38718

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a buffer overflow vulnerability in the device registration function. This vulnerability could allow an attacker to cause a denial of service attack on the remote target device...

5.7AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 11:29 p.m.11 views

CVE-2026-48764 TypeBot has SSRF in HTTP request and script fetch flows via DNS rebinding bypass

TypeBot is a chatbot builder tool. In versions prior to 3.17.2, SSRF validation is implemented by resolving a hostname once and checking whether the resolved IP belongs to a forbidden range allowing for DNS rebinding bypass. The root cause is a time-of-check to time-of-use gap in the SSRF guard...

8.2CVSS5.3AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 11:13 p.m.9 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS5.3AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 10:53 p.m.12 views

CVE-2026-53676

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...

8.6CVSS7.8AI score0.00603EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:32 p.m.9 views

CVE-2026-45357 LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime)

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...

7.5CVSS5.1AI score0.00385EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:25 p.m.10 views

CVE-2026-44646 LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...

5.3CVSS5.2AI score0.00271EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:17 p.m.10 views

CVE-2026-54533 vantage6 node has an Improper Access Control issue

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...

6.9CVSS5.2AI score0.00285EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 10:14 p.m.9 views

CVE-2026-54445 Vantage6: Set admin user and password from environment or configuration

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights,...

6.9CVSS5.2AI score0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:14 p.m.14 views

CVE-2026-45617 LiquidJS: ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in striphtml filter uses a regex containing four flawed lazy-quantified alternatives, leading to ReDoS via quadratic backtracking. When the input contains many script...

7.5CVSS5.2AI score0.00385EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:12 p.m.9 views

CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...

5.9CVSS5.2AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:8 p.m.9 views

CVE-2026-44645 LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the...

6.5CVSS5.1AI score0.00317EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:7 p.m.10 views

CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

2.1CVSS5.3AI score0.00278EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 10:1 p.m.11 views

CVE-2026-50268 Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

1.9CVSS5.2AI score0.00046EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:57 p.m.11 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS5.2AI score0.00065EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:56 p.m.11 views

CVE-2026-48759 TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion)

TypeBot is a chatbot builder tool. Versions 3.15.2 and below have an Insecure Direct Object Reference vulnerability through cross-workspace Theme Template modification and deletion. The handleSaveThemeTemplate and handleDeleteThemeTemplate handlers validate that the authenticated user is a...

7.1CVSS5.3AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:53 p.m.11 views

CVE-2026-12568 Arbitrary File Write in postman_download module

The postmandownload module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a malicious workspace has a name containing path traversal characters, pathlib resolves the path outside the intended output directory, allowing an attacker...

6.5CVSS5.4AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:53 p.m.13 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS5.3AI score0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:51 p.m.11 views

CVE-2026-12567 Symlink-following arbitrary write via github_workflows module

The githubworkflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location...

2.2CVSS5.2AI score0.00091EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:50 p.m.10 views

CVE-2026-44644 LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

6.1CVSS5.3AI score0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:48 p.m.11 views

CVE-2026-12566 SSRF via unvalidated WWW-Authenticate realm in docker_pull module

The dockerpull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validation. An attacker in a man-in-the-middle position between bbot and a Docker registry could modify this header to redirect the authentication reques...

3.1CVSS5.5AI score0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:46 p.m.11 views

CVE-2026-50201 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:45 p.m.12 views

CVE-2026-12565 Path Traversal (Zip-Slip) in unarchive module

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behavior of external tools e.g. GNU tar which varies by platform. While CVE-2025-10284 addressed git-specific RCE vectors, the underlying archive extractio...

5.3CVSS5.3AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:44 p.m.11 views

CVE-2026-50200 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

7.5CVSS5.2AI score0.00185EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:42 p.m.13 views

CVE-2026-48997 e107: Command Injection via shell expansion in ImageMagick resize destination path

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS5.2AI score0.00747EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:37 p.m.9 views

CVE-2026-54386 marimo < 0.23.9 XSS via file Query Parameter in assets.py

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS5AI score0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/17 9:32 p.m.10 views

CVE-2026-48991 XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation

XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-initiated login under certain local attack conditions. Affected versions relied on a fixed localhost redirect URI without PKCE or state validation...

5.5CVSS5.2AI score0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:19 p.m.9 views

CVE-2026-48820 CakePHP: View::element() is missing a path containment check

CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::getElementFileName does not check that the resolved element path is within the application/plugin view template paths...

6.3CVSS5.4AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:18 p.m.10 views

CVE-2026-50196 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS5.4AI score0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:8 p.m.9 views

CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:5 p.m.8 views

CVE-2026-8050 CVE-2026-8050

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it is non-NULL. Sending an IOCTL with an empty input buffer causes a NULL pointer dereference, resulting in a kernel crash...

5.5AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:5 p.m.5 views

CVE-2026-8049 CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

5.9AI score0.00087EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/17 9:5 p.m.8 views

CVE-2026-12530 Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

8.4CVSS6AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 9:3 p.m.7 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...

8.2CVSS5.4AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/17 9:2 p.m.11 views

CVE-2026-48989 Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS alloworigins=, allowmethods=, allowheaders=. Because the same server also exposed a...

9.3CVSS5.5AI score0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 8:54 p.m.8 views

CVE-2026-48988 markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2 processing in the smartquotes rule. The issue stems from repeatedly modifying strings with replaceAt, which performs On slicing and...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References2
Total number of security vulnerabilities161712