Lucene search

161571 matches found

Snyk
added 2026/05/04 7:26 p.m., 10 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the errors middleware process. An attacker can obtain sensitive authentication headers, such as Authorization and Cookie, by triggering a backend response that matches the configured...

CVSS 6.9, AI score 5.8, EPSS 0.00445
Exploits: 1, References: 2
Snyk
added 2026/05/04 7:21 p.m., 7 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

CVSS 8.8, AI score 5.9, EPSS 0.00347
Exploits: 1, References: 2
Snyk
added 2026/05/04 7:21 p.m., 5 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...

CVSS 8.8, AI score 5.9, EPSS 0.00347
Exploits: 1, References: 2
GithubExploit
added 2026/05/04 7:17 p.m., 92 views

Exploit for Missing Authentication for Critical Function in Cpanel

The recent vulnerability CVE-2026-41940 has caused great concern...

CVSS 9.8, AI score 6, EPSS 0.981
Exploits: 64
NVD
added 2026/05/04 7:16 p.m., 12 views

CVE-2026-42231

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

CVSS 9.4, EPSS 0.00851
Exploits: 1, References: 1
OSV
added 2026/05/04 7:8 p.m., 6 views

GHSA-C839-4QXR-J4X3 Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots

Summary: Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man-in-the-middle attack as they won't be able to authenticate with the real OVN...

CVSS 2.3, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 7
Snyk
added 2026/05/04 7:8 p.m., 7 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 2
Snyk
added 2026/05/04 7:8 p.m., 10 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 2
Snyk
added 2026/05/04 7:8 p.m., 6 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...

CVSS 4.8, AI score 5.8, EPSS 0.00173
Exploits: 1, References: 2
vulnersOsv
added 2026/05/04 6:30 p.m., 8 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...

CVSS 9.9, AI score 5.8, EPSS 0.00364
Exploits: 0
ATTACKERKB
added 2026/05/04 6:26 p.m., 3 views

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/05/04 6:26 p.m., 24 views

CVE-2026-42227

The CVE affects n8n (open source workflow automation) prior to versions 1.123.32, 2.17.4, and 2.18.1. An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying a projectId to the public API variables endpoint. The h...

CVSS 6.5, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/04 6:26 p.m., 6 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

CVSS 7.1, AI score 5.9, EPSS 0.0026
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/05/04 6:16 p.m., 9 views

CVE-2026-42092

titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscribe via DDP and receive sensitive configuration fields such as googlesecret, openaiapikey, and...

CVSS 6.5, EPSS 0.00219
Exploits: 0, References: 1
NVD
added 2026/05/04 6:16 p.m., 6 views

CVE-2026-32834

Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can...

CVSS 8.7, EPSS 0.00448
Exploits: 0, References: 3
NVD
added 2026/05/04 6:16 p.m., 7 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

CVSS 8.8, EPSS 0.00541
Exploits: 12, References: 1
Cvelist
added 2026/05/04 6:0 p.m., 33 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

EPSS 0.00541
Exploits: 12, References: 1
Vulnrichment
added 2026/05/04 6:0 p.m., 5 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

AI score 6.2, EPSS 0.00541
Exploits: 12, References: 1
ATTACKERKB
added 2026/05/04 6:0 p.m., 8 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

CVSS 8.8, AI score 6.2, EPSS 0.00541
Exploits: 12, References: 2, Affected Software: 1
EUVD
added 2026/05/04 6:0 p.m., 9 views

EUVD-2026-27041

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

CVSS 8.8, AI score 6.2, EPSS 0.00541
Exploits: 12, References: 1