Lucene search
K

23 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
NVD
NVD
added 2 days ago7 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-14794

Craft CMS vulnerability CVE-2026-14794 affects the Charts Endpoint (ChartsController.php, actionGetNewUsersData). The issue arises from input manipulation of userGroupId causing improper authorization, enabling a remote attack. Affected versions are Craft CMS up to 4.18.0.1; a fix is available in...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.18 views

Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.3AI score0.10629EPSS
Exploits8References24
EUVD
EUVD
added 2026/04/27 9:42 a.m.7 views

EUVD-2026-25806

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

9.4CVSS5.3AI score0.00621EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.11 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

10CVSS6.1AI score0.06157EPSS
Exploits2References1
Snyk
Snyk
added 2026/03/31 11:2 p.m.7 views

Arbitrary Code Injection

Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at templa...

9.8CVSS7.5AI score0.2241EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.6 views

Arbitrary Code Injection

Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious...

9.8CVSS7.5AI score0.2241EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.8 views

Arbitrary Code Injection

Overview lodash.template is a The Lodash method .template exported as a Node.js module. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilatio...

9.8CVSS7.5AI score0.2241EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003365)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003365 advisory. arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks...

5.5CVSS6.5AI score0.00551EPSS
Exploits0References21
Snyk
Snyk
added 2025/12/31 10:40 p.m.5 views

Improper Validation of Specified Quantity in Input

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via improper validation in the handleNormalTransaction...

7.1CVSS6.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2025/12/31 10:15 p.m.34 views

CVE-2023-7332

PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting...

7.1CVSS0.0036EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-4517

Malicious code in bioql PyPI...

8.4CVSS6.3AI score0.00459EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2025/03/14 2:57 a.m.4 views

SUSE CVE-2025-27088

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...

8.2CVSS6.1AI score0.00459EPSS
Exploits1References2
CVE
CVE
added 2025/02/20 10:33 p.m.90 views

CVE-2025-27088

The CVE-2025-27088 issue affects oxyno-zeta/s3-proxy (Go) and is caused by rendering the Request.URL.Path into HTML in the folder-list template without proper sanitization, enabling reflected XSS via crafted URLs. Public advisories state that affected versions are vulnerable to script injection, ...

8.4CVSS5.5AI score0.00459EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2024/09/10 12:0 a.m.15 views

Fedora: Security Advisory (FEDORA-2023-8892fc09e9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.7CVSS7.1AI score0.00719EPSS
Exploits0References7
OSV
OSV
added 2024/06/15 12:0 a.m.21 views

OPENSUSE-SU-2024:12831-1 ctdb-4.18.1+git.298.4ccf830b2a4-1.1 on GA media

These are all security issues fixed in the ctdb-4.18.1+git.298.4ccf830b2a4-1.1 package on the GA media of openSUSE Tumbleweed...

7.7CVSS6.1AI score0.00719EPSS
Exploits0References3
Rows per page
Query Builder