Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulner…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's d…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows a…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthentica…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint al…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injecti…
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora applicat…
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity inje…
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the C…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metada…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnera…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication ada…
A weakness has been identified in Freedom Factory dGEN1 up to 20260221. This affects the function AndroidEthereum of the component org.ethosmobile.webpwaemul. This manipulation causes improper access…
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation resul…
A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_…
league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallow…
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint al…
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP…
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Pyth…