
368585 matches found

CVE | added 3 days ago

CVE-2026-58467

Cockpit CMS prior to release 364 is affected by a path traversal and local file inclusion vulnerability. Unauthenticated attackers can craft a request (via the URL’s PATH_INFO in REQUEST_URI) to reach arbitrary files; if the resolved path ends with .php, it may be passed to include(), enabling lo...

CVSS 8.2 | AI score 6 | EPSS 0.0042
Exploits 0 | References 3
CVE | added 3 days ago

CVE-2026-58466

AutoBangumi prior to version 3.2.8 contains a hard-coded default-credentials vulnerability. When the users table is empty, a default administrator account is seeded at startup via add_default_user() in the database user module, allowing unauthenticated attackers to authenticate as admin by submit...

CVSS 9.8 | AI score 5.8 | EPSS 0.00505
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-52739

Technical details are not publicly available in the provided documents. This CVE entry is reserved; monitor for updates.

Exploits 0 | References 7
CVE | added 3 days ago

CVE-2026-58381

CVE-2026-58381 affects GIMP's PSP file format parser. A double-free in read_layer_block() when processing a specially crafted PSP file can cause memory corruption, potentially leading to denial of service or arbitrary code execution. The provided data includes a CVSSv3.1 vector (AV:L/AC:L/PR:L/UI...

CVSS 6.1 | AI score 6.1 | EPSS 0.00118
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-52738

Technical details are not publicly available in the provided documents. Monitor for updates to CVE-2026-52738 for potential disclosure, affected products, impact, or remedies.

Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-52737

Technical details for CVE-2026-52737 are not publicly available in the provided documents. No affected products, vectors, or remediation are stated. Monitor for updates as new information is published.

Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59102

CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...

CVSS 5.4 | AI score 6 | EPSS 0.00199
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59101

AutoBangumi

CVSS 6.9 | AI score 6 | EPSS 0.00321
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-52735

Technical details for CVE-2026-52735 are not publicly available in the provided documents. Monitor for updates as information becomes available.

Exploits 0 | References 8
CVE | added 3 days ago

CVE-2026-59100

CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...

CVSS 5 | AI score 5.9 | EPSS 0.0018
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-52736

Technical details for CVE-2026-52736 are not provided in the supplied documents; no affected products, vectors, or remediation are disclosed. Monitor for updates.

Exploits 0 | References 6
CVE | added 3 days ago

CVE-2026-59099

Apereo CAS: vulnerability in 7.3.0 prior to 8.0.0-RC6 due to AES-GCM IV reuse across server lifetime, enabling remote unauthenticated attackers to recover plaintext webflow conversation state by known-plaintext analysis on multiple client-side webflow tokens collected from the unauthenticated log...

CVSS 9.3 | AI score 6 | EPSS 0.00356
Exploits 0 | References 5
CVE | added 3 days ago

CVE-2026-59098

CVE-2026-59098 affects LobeChat up to version 2.2.9. A broken access control in the retrieval-augmented-generation semantic search functionality allows an authenticated attacker to access another user’s data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59097

Taiga (software) prior to version 6.10.2 contains a missing authorization vulnerability that lets unauthenticated remote attackers create default due-date records in any project by abusing unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. An arbitrary project id...

CVSS 6.9 | AI score 6 | EPSS 0.00344
Exploits 0 | References 5
CVE | added 3 days ago

CVE-2026-59096

Dapr Sentry’s OIDC discovery endpoint can be poisoned: the issuer and jwks_uri in /.well-known/openid-configuration are derived from the request Host via an attacker-controlled X-Forwarded-Host when oidc-allowed-hosts is not configured, and the document is cached for one hour. This allows remote ...

CVSS 8.2 | AI score 5.8 | EPSS 0.00246
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59095

CVE-2026-59095 affects LobeChat prior to 2.2.10-canary.18. It is a server-side request forgery (SSRF) vulnerability where authenticated attackers can supply input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints that use the global fetch without the...

CVSS 8.3 | AI score 5.9 | EPSS 0.00235
Exploits 0 | References 3
CVE | added 3 days ago

CVE-2026-59094

Pathway up to v0.31.1 is affected. The document store applies a caller-supplied glob pattern to indexed document paths via a hand-written recursive matcher that branches on each ** token without memoization, yielding exponential worst-case complexity. The pattern from ...

CVSS 8.7 | AI score 5.9 | EPSS 0.0047
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59093

Weaviate prior to 1.38.0 fails to verify that a principal granting RBAC roles actually has permissions within those roles. The assignRoleToUser and assignRoleToGroup endpoints (POST /authz/users/{id}/assign, /authz/groups/{id}/assign) only check that the caller may assign roles, not the permissio...

CVSS 8.8 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-59092

JuiceFS

CVSS 7.7 | AI score 5.9 | EPSS 0.00266
Exploits 0 | References 4
CVE | added 3 days ago

CVE-2026-58580

LobeChat up to version 2.2.9 is affected by broken object-level authorization in MessageModel. An authenticated user who knows another user’s non-enumerable message identifier can overwrite that victim’s plugin tool‑call metadata, plugin state/error, and TTS/translation records via tRPC message p...

CVSS 6 | AI score 5.8 | EPSS 0.00154
Exploits 0 | References 2