Lucene search
K

74 matches found

CVE
CVE
added 5 days ago6 views

CVE-2026-59226

Open WebUI vulnerability CVE-2026-59226 affects versions prior to 0.10.0 of the Open WebUI platform. The issue stems from execute_automation rehydrating automation owners without rechecking that they were still active or had features.automations, and from check_model_access only enforcing private...

4.3CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
CVE
CVE
added 6 days ago7 views

CVE-2026-59805

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController. Authenticated sellers can manipulate purchase access for other sellers' products by issuing PUT requests to revoke_access and undo_revoke_access without validating ownership. This lets attackers...

7.1CVSS6.1AI score0.0022EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.5 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the Notification API after access revocation. An attacker can obtain unauthorized access to private issue metadata by querying the API after their access has been revoked. Remediation Upgrade...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.8 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

7.5CVSS0.00298EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:54 p.m.7 views

CVE-2026-58419

Notification API leaks private issue metadata after access revocation...

5.9AI score0.00298EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/03 8:54 p.m.19 views

CVE-2026-58419

CVE-2026-58419 affects the Go-Gitea project where the Notification API can leak private issue metadata after access revocation. The Snyk notes describe Information Exposure in multiple internal components of the Gitea web feed/routers, convert, and git modules, with affected code paths in the Not...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.40 views

CVE-2026-58419 Notification API leaks private issue metadata after access revocation

Notification API leaks private issue metadata after access revocation...

0.00298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55653

Name of the Vulnerable Software and Affected Versions Notification API affected versions not specified Description The Notification API leaks private issue metadata after access has been revoked. Recommendations At the moment, there is no information about a newer version that contains a fix for...

7.5CVSS5.9AI score0.00298EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.27 views

CVE-2026-53322 vfio/pci: Clean up DMABUFs before disabling function

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...

8.8CVSS0.00182EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53322

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...

8.8CVSS5.7AI score0.00182EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34744

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this...

5.3CVSS5.3AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.14 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/25 8:40 a.m.18 views

CVE-2026-33381

A flaw was found in Grafana. When a user's access to mint tokens for a service account is revoked, the system may temporarily allow the user to continue minting tokens for a few seconds. This could lead to a temporary bypass of access control, potentially enabling unauthorized actions if the toke...

8.1CVSS5.6AI score0.00245EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 8:35 p.m.13 views

NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/19 11:17 p.m.40 views

CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

5.3CVSS0.00372EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 11:17 p.m.7 views

CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

5.3CVSS5.7AI score0.00372EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/15 1:59 a.m.14 views

SUSE CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

5.9CVSS5.8AI score0.00245EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 9:32 p.m.11 views

EUVD-2026-30146

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

5.9CVSS5.8AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder