πŸ” Search

Found 500 results for "cve"

Showing 241 - 260 of 500 results (limited to 500 results)

πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 16, 2026

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target prototype-inheritable properties. Alternatively, if a subgraph were to be compromised by a malicious actor, they may be able to pollute Object.prototype in gateway by crafting JSON response payloads that target prototype-inheritable properties. This vulnerability is fixed in 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2.

EPSS: 0.0%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 13, 2026

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append() method (documented as "trusted SQL"). There is no allowlist, no parameterized query binding, and no input validation. An authenticated user can inject arbitrary SQL into ClickHouse, enabling full database read (including telemetry data from all tenants), data modification, and potential remote code execution via ClickHouse table functions. This vulnerability is fixed in 10.0.23.

EPSS: 0.4%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 12, 2026

CVE-2026-21708

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

EPSS: 1.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 12, 2026

CVE-2026-21669

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

EPSS: 0.2%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 12, 2026

CVE-2026-21667

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

EPSS: 0.3%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 12, 2026

CVE-2026-21666

A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.

EPSS: 0.3%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 11, 2026

CVE-2026-27591

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their account through specially crafted requests to the backend while logged in. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any level of access. This vulnerability is fixed in 1.0.477, 1.1.12, and 1.2.12.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 11, 2026

CVE-2025-66956

Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 10, 2026

CVE-2026-30957

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page objects are exposed to it. A malicious user can call Playwright APIs on the injected browser object and cause the probe to spawn an attacker-controlled executable. This is a server-side remote code execution issue. It does not require a separate vm sandbox escape. This vulnerability is fixed in 10.0.21.

EPSS: 0.2%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 10, 2026

CVE-2026-30956

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the server trusts this client-supplied header, internal permission checks in BasePermission are skipped and tenant scoping is disabled. This allows attackers to access project data belonging to other tenants, read sensitive User fields via nested relations, leak plaintext resetPasswordToken, and reset the victim’s password and fully take over the account. This results in cross‑tenant data exposure and full account takeover. This vulnerability is fixed in 10.0.21.

EPSS: 0.0%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 10, 2026

CVE-2026-30921

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page. This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. Instead, the attacker can directly use the injected Playwright browser object to reach browser.browserType().launch(...) and spawn an arbitrary executable on the probe host/container. This vulnerability is fixed in 10.0.20.

EPSS: 0.0%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 10, 2026

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape (this.constructor.constructor), an attacker can bypass the sandbox, gain access to the underlying Node.js process object, and execute arbitrary system commands (RCE) on the oneuptime-probe container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise. This vulnerability is fixed in 10.0.18.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 07, 2026

CVE-2026-30861

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.

EPSS: 0.2%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 07, 2026

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object operations and library loading capabilities, an unauthenticated attacker can achieve arbitrary code execution on the database server with database user privileges. This issue has been patched in version 0.2.12.

EPSS: 0.2%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 06, 2026

CVE-2026-29789

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 05, 2026

CVE-2026-28466

OpenClaw versions prior to 2026.2.14 contain a vulnerability in the gateway in which it fails to sanitize internal approval fields in node.invoke parameters, allowing authenticated clients to bypass exec approval gating for system.run commands. Attackers with valid gateway credentials can inject approval control fields to execute arbitrary commands on connected node hosts, potentially compromising developer workstations and CI runners.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 05, 2026

CVE-2026-24960

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Charety charety allows Using Malicious Files.This issue affects Charety: from n/a through < 2.0.2.

EPSS: 0.0%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 05, 2026

CVE-2026-22390

Improper Control of Generation of Code ('Code Injection') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Code Injection.This issue affects Builderall Builder for WordPress: from n/a through <= 3.0.1.

EPSS: 0.1%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 05, 2026

CVE-2025-68555

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.

EPSS: 0.0%
πŸ”’ CVE CRITICAL CVSS: 9.9 β€’ March 05, 2026

CVE-2025-68554

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files.This issue affects Keenarch: from n/a through < 2.0.1.

EPSS: 0.0%