144482 matches found
CVE-2026-55516
creationtimestamp| type| source ---|---|--- 2026-07-10 20:56:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqczwdg25w26 2026-07-11 01:07:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdhxyfvrz2y 2026-07-11 17:00:47+00:00| seen|...
GHSA-V853-W46P-FV2H vulnerabilities
Vulnerabilities for packages: apache-tomee, geoserver...
CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
CVE-2026-55479 Snipe-IT: Incorrect permission for legacy license checkin API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat license checkin flow authorizes the action with the checkout permission instead of the checkin permission, allowing a user who can assign licenses but not unassign them to directly access the old checkin...
MINI-P4PJ-365H-PJ4H
Bulletin has no description...
MINI-X7M2-2HCR-MMGM
Bulletin has no description...
MINI-42C5-M8RR-5442
Bulletin has no description...
MINI-J883-C844-MCC6
Bulletin has no description...
MINI-84HQ-MFVC-3Q8M
Bulletin has no description...
CVE-2026-61460
Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...
CVE-2026-59151
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-59151 Prowler: SAML Domain Claiming Enables Cross-Tenant Account Takeover
Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email domain asserted in a SAMLResponse when deciding which tenant should receive the final token, and the ACS finish logic in api/src/backend/api/v1/views.py recalculated the tenant from...
CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...
CVE-2026-61437
creationtimestamp| type| source ---|---|--- 2026-07-10 16:42:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqclqmets62x 2026-07-10 20:16:10+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxopggxy27 2026-07-10 23:31:15+00:00| seen|...
CVE-2026-59190 Grav Admin Plugin — IDOR Privilege Escalation via saveUser()
grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...
CVE-2026-61441
PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...
CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...
OPENSUSE-SU-2026:21303-1 Security update for gsasl
This update for gsasl fixes the following issue - CVE-2026-56968: improper sanitization of a short challenge in gsaslntlmclientstep of the NTLM client can lead to memory disclosure bsc1268885...
CVE-2026-61441
PraisonAI Platform before version 0.1.9 suffers an authorization bypass in the DELETE dependency endpoint: the route validates permissions against the caller-selected URL issue but allows deletion via a member-owned issue endpoint if the dependency edge is related to a member, bypassing owner/adm...
EUVD-2026-42893
n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...