Lucene search
+L

144482 matches found

circl
circl
added last week8 views

CVE-2026-55516

creationtimestamp| type| source ---|---|--- 2026-07-10 20:56:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqczwdg25w26 2026-07-11 01:07:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhxyfvrz2y 2026-07-11 17:00:47+00:00| seen|...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References4
cgr
cgr
added last week9 views

GHSA-V853-W46P-FV2H vulnerabilities

Vulnerabilities for packages: apache-tomee, geoserver...

6.1AI score
Exploits0
cvelist
cvelist
added last week31 views

CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS0.0019EPSS
Exploits0References3
osv
osv
added last week3 views

CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...

5.3CVSS6.1AI score0.0019EPSS
Exploits0References5
osv
osv
added last week1 views

MINI-P4PJ-365H-PJ4H

Bulletin has no description...

9.1CVSS6.1AI score0.00466EPSS
Exploits0
osv
osv
added last week1 views

MINI-X7M2-2HCR-MMGM

Bulletin has no description...

5.3CVSS6.5AI score0.00484EPSS
Exploits0
osv
osv
added last week2 views

MINI-42C5-M8RR-5442

Bulletin has no description...

9.1CVSS6.2AI score0.06197EPSS
Exploits0
osv
osv
added last week1 views

MINI-J883-C844-MCC6

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
osv
osv
added last week3 views

MINI-84HQ-MFVC-3Q8M

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
nvd
nvd
added last week7 views

CVE-2026-61460

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
nvd
nvd
added last week11 views

CVE-2026-59151

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS0.00296EPSS
Exploits0References5
cvelist
cvelist
added last week35 views

CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover

Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...

9.6CVSS0.00296EPSS
Exploits0References5
cvelist
cvelist
added last week29 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
circl
circl
added last week6 views

CVE-2026-61437

creationtimestamp| type| source ---|---|--- 2026-07-10 16:42:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqclqmets62x 2026-07-10 20:16:10+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxopggxy27 2026-07-10 23:31:15+00:00| seen|...

8.5CVSS6.1AI score0.00129EPSS
Exploits0References4
osv
osv
added last week3 views

CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS6.1AI score0.00215EPSS
Exploits0References4
nvd
nvd
added last week6 views

CVE-2026-61441

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS0.00239EPSS
Exploits0References3
osv
osv
added last week4 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References6
osv
osv
added last week2 views

OPENSUSE-SU-2026:21303-1 Security update for gsasl

This update for gsasl fixes the following issue - CVE-2026-56968: improper sanitization of a short challenge in gsaslntlmclientstep of the NTLM client can lead to memory disclosure bsc1268885...

5.3CVSS6.1AI score0.00241EPSS
Exploits1References2
cve
cve
added last week8 views

CVE-2026-61441

PraisonAI Platform before version 0.1.9 suffers an authorization bypass in the DELETE dependency endpoint: the route validates permissions against the caller-selected URL issue but allows deletion via a member-owned issue endpoint if the dependency edge is related to a member, bypassing owner/adm...

7.1CVSS6.1AI score0.00239EPSS
Exploits0References3
euvd
euvd
added last week9 views

EUVD-2026-42893

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00225EPSS
Exploits0References2
Rows per page
Query Builder