Search

Found 53,828 results in 4419ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-47394	unknown	—	—				7d ago	PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
CVE-2026-47392	unknown	—	—				7d ago	PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
CVE-2026-47395	unknown	—	—				7d ago	PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
CVE-2026-47393	unknown	—	—				7d ago	PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
CVE-2026-47396	unknown	—	—				7d ago	PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
CVE-2026-47390	unknown	—	—				7d ago	PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
CVE-2026-47398	unknown	—	—				7d ago	PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
CVE-2026-47268	unknown	—	—				7d ago	Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
CVE-2026-47233	unknown	—	—				7d ago	Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024
CVE-2026-47234	unknown	—	—				7d ago	Admidio writes session IDs and auto-login cookie values to application logs
CVE-2026-47232	unknown	—	—				7d ago	Admidio PKCS#12 private key export action lacks CSRF protection
CVE-2026-47231	unknown	—	—				7d ago	Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
CVE-2026-47230	unknown	—	—				7d ago	Admidio: IDOR in documents-files.php allows cross-folder file rename and description changes by unauthorized uploaders
CVE-2026-47229	unknown	—	—				7d ago	Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
CVE-2026-47228	unknown	—	—				7d ago	Admidio's CSRF in registration `send_login` mode resets arbitrary user passwords
CVE-2026-47227	unknown	—	—				7d ago	Admidio module-administrator can delete or reorder categories owned by other modules via dead authorization check in `modules/categories.php`
CVE-2026-47226	unknown	—	—				7d ago	Admidio: Authorization bypass in file_delete enables cross-folder file removal by authenticated users without delete privileges
CVE-2026-47213	unknown	—	—				7d ago	BoxLite has a Timeout Bypass Vulnerability
CVE-2026-47211	unknown	—	—				7d ago	ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory .env
CVE-2026-47203	unknown	—	—				7d ago	Authelia Missing Username Canonicalization in Basic Auth (LDAP)
CVE-2026-47201	high	8.5	8.5			goauthentik	7d ago	authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
CVE-2026-47695	unknown	—	—				7d ago	CC-Tweaked has an SSRF Protection Bypass with NAT64
CVE-2026-47184	unknown	—	—				7d ago	zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
CVE-2026-48557	high	8.8	8.8				7d ago	Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks only the final filename suffix, allowing double-ex…
CVE-2026-47123	high	7.5	7.5				7d ago	FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifyin…
CVE-2026-46599	high	7.5	7.5		debian		7d ago	The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded s…
CVE-2026-46527	high	7.5	7.5		debian sles	yhirose	7d ago	cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an att…
CVE-2026-45151	unknown	—	—				7d ago	NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi…
CVE-2026-44422	high	7.5	7.5	FIX	debian sles	freerdp	7d ago	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without track…
CVE-2026-44421	high	8.8	8.8	FIX	debian sles	freerdp	7d ago	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs.…
CVE-2026-44420	high	8.8	8.8	FIX	debian sles	freerdp	7d ago	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel …
CVE-2026-44285	high	7.7	7.7				7d ago	FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network pro…
CVE-2026-47183	unknown	—	—				7d ago	zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
CVE-2026-47180	unknown	—	—				7d ago	zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
CVE-2026-47260	unknown	—	—				7d ago	Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
CVE-2026-46705	unknown	—	—				7d ago	russh server userauth state is not reset when authentication principal changes
CVE-2026-46702	unknown	—	—				7d ago	russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
CVE-2026-47255	unknown	—	—				7d ago	AgenticMail API/storage and outbound relay hardening fixes
CVE-2026-47248	unknown	—	—				7d ago	Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
CVE-2026-49383	low	3.3	3.3			jetbrains	7d ago	In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49382	high	7.8	7.8			jetbrains	7d ago	In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49374	high	7.6	7.6			jetbrains	7d ago	In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2026-49373	high	8.8	8.8			jetbrains	7d ago	In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVE-2026-49372	high	7.5	7.5			jetbrains	7d ago	In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371	high	8.2	8.2			jetbrains	7d ago	In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49370	high	7.5	7.5			jetbrains	7d ago	In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CVE-2026-49367	high	8.8	8.8			jetbrains	7d ago	In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-49366	high	7.8	7.8			jetbrains	7d ago	In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-47740	high	8.1	8.1				7d ago	Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user withou…
CVE-2026-42941	high	8.3	8.3			macgregor	7d ago	The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
CVE-2026-42929	high	8.3	8.3			macgregor	7d ago	Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVE-2026-45324	low	3.3	3.3				7d ago	Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul…
CVE-2026-45613	low	3.3	3.3				7d ago	Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c…
CVE-2026-38739	unknown	—	—				7d ago	ezsystems/ezpublish-legacy has a SQL injection in dfscleanup
CVE-2026-46690	unknown	—	—				7d ago	unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
CVE-2026-47266	unknown	—	—				7d ago	formie's unauthenticated front-end submission editing can overwrite existing submissions
CVE-2026-48555	high	7.4	7.4				7d ago	Spatie Laravel Media Library before version 11.23.0 contains a server-side request forgery vulnerability that allows remote attackers to cause the server to issue arbitrary outbound HTTP requests by …
CVE-2026-4387	unknown	—	—				7d ago	StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…
CVE-2026-47190	unknown	—	—				7d ago	IPAM controller service account granted unnecessary full access to Secrets
CVE-2026-47141	unknown	—	—				7d ago	NodeVM observability builtins leak host process and HTTP request data
CVE-2026-6824	high	8.4	8.4				7d ago	A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can injec…
CVE-2026-5768	high	8.8	8.8				7d ago	The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range …
CVE-2026-45668	unknown	—	—				7d ago	Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled…
CVE-2026-43917	unknown	—	—				7d ago	Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scop…
CVE-2026-10108	high	7.5	7.5				7d ago	xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intende…
CVE-2026-10107	high	7.7	7.7				7d ago	MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a…
CVE-2026-10105	high	8.3	8.3				7d ago	agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values t…
CVE-2026-47139	unknown	—	—				7d ago	NodeVM network builtin exclusions bypass via internal _http_client and _http_server
CVE-2026-47140	unknown	—	—				7d ago	NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
CVE-2026-47210	unknown	—	—				7d ago	vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
CVE-2026-47137	unknown	—	—				7d ago	vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE
CVE-2026-47209	unknown	—	—				7d ago	vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
CVE-2026-47135	unknown	—	—				7d ago	vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
CVE-2026-47208	unknown	—	—				7d ago	vm2 is Vulnerable to Sandbox Breakout Through Promise Species
CVE-2026-47131	unknown	—	—				7d ago	vm2 has a Sandbox Escape issue
CVE-2026-47200	unknown	—	—				7d ago	Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
CVE-2026-45742	unknown	—	—				7d ago	Gotenberg has a Race Condition via Multipart `downloadFrom` Handling
CVE-2026-45741	unknown	—	—				7d ago	Gotenberg has an SSRF deny-list bypass in IsPublicIP via IPv6 6to4 / NAT64 / site-local prefixes
CVE-2026-44829	unknown	—	—				7d ago	Gotenberg has path traversal in zip entry name via Windows-style separators in upload filename
CVE-2026-9194	unknown	—	—				7d ago	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
CVE-2026-45662	high	8.8	8.8				7d ago	Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/services/registry.ts) executes docker logout ${respon…
CVE-2026-39276	high	7.2	7.2				7d ago	The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin…
CVE-2026-35674	high	8.8	8.8			openclaw	7d ago	OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliv…
CVE-2026-35630	high	8.0	8.0			openclaw	7d ago	OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval but…
CVE-2026-33386	unknown	—	—				7d ago	QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the…
CVE-2026-33384	unknown	—	—				7d ago	QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID f…
CVE-2026-32905	high	8.3	8.3			openclaw	7d ago	OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat senders to issue device-pairing bootstrap codes without…
CVE-2026-10069	high	7.5	7.5				7d ago	A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack may be la…
CVE-2026-10068	high	7.3	7.3				7d ago	A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call Handler. This manipulation causes server-side req…
CVE-2026-10067	high	8.8	8.8				7d ago	A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem…
CVE-2026-10066	high	8.8	8.8				7d ago	A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac…
CVE-2026-10065	high	8.8	8.8				7d ago	A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a manipulation of the argument Date can lead to stack…
CVE-2018-25404	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter.…
CVE-2018-25403	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
CVE-2018-25402	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
CVE-2018-25401	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack…
CVE-2018-25400	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Atta…
CVE-2018-25399	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_ln…
CVE-2018-25398	high	8.2	8.2				7d ago	The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter…
CVE-2018-25396	high	7.5	7.5				7d ago	Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attac…