| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34444 | Lupa | Cri | 0.65 | 10.0 | 0.01 | | Apr 6, 2026 | Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and… |
| CVE-2026-34208 | SandboxJS | Cri | 0.65 | 10.0 | 0.01 | | Apr 6, 2026 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an exposed callable constructor path: this.constructor.call(target, attackerObject).… |
| CVE-2026-31151 | Kaleris YMS | Cri | 0.64 | 9.8 | 0.00 | | Apr 6, 2026 | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. |
| CVE-2026-31059 | UTT Aggressive HiPER 520W | Cri | 0.64 | 9.8 | 0.01 | | Apr 6, 2026 | A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string. |
| CVE-2026-26026 | GLPI | Cri | 0.52 | 9.1 | 0.00 | | Apr 6, 2026 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6. |
| CVE-2026-31405 | Linux kernel | Cri | 0.57 | 9.8 | 0.01 | | Apr 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables. The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices… |
| CVE-2019-25687 | Pegasus CMS | Cri | 0.64 | 9.8 | 0.01 | | Apr 5, 2026 | Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious… |
| CVE-2018-25254 | NICO-FTP | Cri | 0.64 | 9.8 | 0.01 | | Apr 4, 2026 | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH… |
| CVE-2016-20052 | Snews CMS | Cri | 0.64 | 9.8 | 0.01 | | Apr 4, 2026 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and… |
| CVE-2026-35616 | Fortinet FortiClientEMS | Cri | 0.78 | 9.8 | 0.89 | KEV | Apr 4, 2026 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. |
| CVE-2026-34953 | PraisonAI | Cri | 0.52 | 9.1 | 0.00 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated,… |
| CVE-2026-34952 | PraisonAI | Cri | 0.52 | 9.1 | 0.00 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages… |
| CVE-2026-34938 | PraisonAI | Cri | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr… |
| CVE-2026-34935 | PraisonAI | Cri | 0.57 | 9.8 | 0.01 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop,… |
| CVE-2026-34934 | PraisonAI | Cri | 0.57 | 9.8 | 0.01 | | Apr 3, 2026 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application… |
| CVE-2026-34612 | Kestra | Cri | 0.57 | 9.9 | 0.01 | | Apr 3, 2026 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code Execution (RCE) in the following endpoint "GET /api/v1/main/flows/search". Once a… |
| CVE-2021-4477 | Hirschmann HiLCOS OpenBAT / BAT450 | Cri | 0.59 | 9.1 | 0.00 | | Apr 3, 2026 | Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall rules. Attackers can exploit this vulnerability by establishing IPv6 IPsec connections (IKEv1 or… |
| CVE-2018-25236 | Hirschmann HiOS / HiSecOS | Cri | 0.64 | 9.8 | 0.01 | | Apr 3, 2026 | Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed… |
| CVE-2017-20236 | ProSoft Technology ICX35-HWC | Cri | 0.64 | 9.8 | 0.01 | | Apr 3, 2026 | ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can… |
| CVE-2017-20235 | ProSoft Technology ICX35-HWC | Cri | 0.59 | 9.1 | 0.00 | | Apr 3, 2026 | ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the… |
| CVE-2017-20234 | GarrettCom Magnum 6K / 10K | Cri | 0.64 | 9.8 | 0.00 | | Apr 3, 2026 | GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access… |
| CVE-2026-27634 | Piwigo | Cri | 0.57 | 9.8 | 0.01 | | Apr 3, 2026 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters (f_min_date_available, f_max_date_available, f_min_date_created, f_max_date_created) in ws_std_image_sql_filter() are concatenated directly into SQL without… |
| CVE-2018-25237 | Hirschmann HiSecOS | Cri | 0.64 | 9.8 | 0.01 | | Apr 3, 2026 | Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128… |
| CVE-2026-28766 | Gardyn | Cri | 0.60 | 9.3 | 0.00 | | Apr 3, 2026 | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. |
| CVE-2026-25197 | | Cri | 0.59 | 9.1 | 0.00 | | Apr 3, 2026 | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. |
| CVE-2017-20237 | Hirschmann Industrial HiVision | Cri | 0.64 | 9.8 | 0.01 | | Apr 3, 2026 | Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contain an authentication bypass vulnerability in the master service that allows unauthenticated remote attackers to execute arbitrary commands with administrative privileges. Attackers can invoke exposed… |
| CVE-2026-28798 | ZimaOS | Cri | 0.52 | 9.0 | 0.00 | | Apr 3, 2026 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a proxy endpoint (/v1/sys/proxy) exposed by ZimaOS's web interface can be abused (via an externally reachable domain using a Cloudflare Tunnel) to make requests… |
| CVE-2026-32186 | Microsoft Bing | Cri | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-0545 | mlflow | Cri | 0.65 | 9.8 | 0.04 | | Apr 3, 2026 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled… |
| CVE-2026-28373 | Stackfield Desktop App | Cri | 0.62 | 9.6 | 0.00 | | Apr 3, 2026 | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem. |
| CVE-2026-35216 | Budibase | Cri | 0.52 | 9.0 | 0.12 | | Apr 3, 2026 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required… |
| CVE-2026-31818 | Budibase | Cri | 0.55 | 9.6 | 0.00 | | Apr 3, 2026 | Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the… |
| CVE-2026-31402 | Linux kernel | Cri | 0.57 | 9.8 | 0.00 | | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache. The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated… |
| CVE-2026-23455 | Linux kernel | Cri | 0.52 | 9.1 | 0.01 | | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931(). In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator… |
| CVE-2026-23450 | Linux kernel | Cri | 0.57 | 9.8 | 0.00 | | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock(). Syzkaller reported a panic in smc_tcp_syn_recv_sock() [1]. smc_tcp_syn_recv_sock() is called in the TCP receive path (softirq) via… |
| CVE-2026-23428 | Linux kernel | Cri | 0.57 | 9.8 | 0.00 | | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request. smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without validating tcon->t_state. ksmbd_tree_conn_lookup() checks t_state ==… |
| CVE-2026-23427 | Linux kernel | Cri | 0.57 | 9.8 | 0.00 | | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context… |
| CVE-2026-33107 | Azure Databricks | Cri | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-33105 | Microsoft Azure Kubernetes Service | Cri | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32213 | Azure AI Foundry | Cri | 0.65 | 10.0 | 0.01 | | Apr 3, 2026 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32211 | Azure MCP Server | Cri | 0.59 | 9.1 | 0.01 | | Apr 3, 2026 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-26135 | Azure Custom Locations Resource Provider (RP) | Cri | 0.62 | 9.6 | 0.01 | | Apr 3, 2026 | Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-35053 | OneUptime | Cri | 0.57 | 9.8 | 0.01 | | Apr 2, 2026 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication… |
| CVE-2026-34932 | hoppscotch | Cri | 0.53 | 9.3 | 0.00 | | Apr 2, 2026 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This issue has been patched in version 2026.3.0. |
| CVE-2026-34931 | hoppscotch | Cri | 0.55 | 9.6 | 0.00 | | Apr 2, 2026 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to take over their account. This issue has been patched in… |
| CVE-2026-34838 | Group-Office | Cri | 0.57 | 9.9 | 0.01 | | Apr 2, 2026 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized… |
| CVE-2024-14034 | Hirschmann HiEOS | Cri | 0.64 | 9.8 | 0.00 | | Apr 2, 2026 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit… |
| CVE-2026-34758 | OneUptime | Cri | 0.52 | 9.1 | 0.00 | | Apr 2, 2026 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version… |
| CVE-2026-34745 | Fireshare | Cri | 0.52 | 9.1 | 0.01 | | Apr 2, 2026 | Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file… |
| CVE-2026-34717 | OpenProject | Cri | 0.57 | 9.9 | 0.00 | | Apr 2, 2026 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version… |