Lucene search
+L

1875 matches found

cve
cve
added 2 days ago10 views

CVE-2026-52892

Summary: CVE-2026-52892 affects Wekan, an open‑source Kanban app built on Meteor. Before version 9.32, REST handlers in server/models/customFields.js checked read‑level access (Authentication.checkBoardAccess) for mutating custom-field routes, instead of write‑level access (Authentication.checkBo...

6.5CVSS6.1AI score0.00259EPSS
Exploits0References3
nvd
nvd
added 2 days ago5 views

CVE-2026-61440

PraisonAI Platform before 0.1.9 fails to properly authorize label and issue-label mutations, allowing workspace members to rename and recolor shared labels and add or remove labels on owner-created issues. Attackers with workspace member privileges can exploit PATCH and POST/DELETE endpoints to...

7.1CVSS0.00213EPSS
Exploits0References3
cvelist
cvelist
added 4 days ago34 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS0.00199EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/10 12:0 a.m.7 views

PT-2026-57187

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Improper permission checks allow for unauthorized modification of pipelines. Recommendations Update to version 2026.1.2...

8.1CVSS6.1AI score0.00248EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/09 3:51 p.m.32 views

CVE-2026-59214 Open WebUI: Stored web worker XSS via Pyodide

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS0.00285EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 10:33 a.m.8 views

EUVD-2026-42578

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS5.9AI score0.00107EPSS
Exploits0References2
cve
cve
added 2026/07/08 10:36 p.m.14 views

CVE-2026-15128

CVE-2026-15128 concerns an inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 that could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The Chrome stable update notes indicate the fix was delivered in the 150.0.7871.114/115 ...

6.1CVSS6.1AI score0.00139EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/08 10:35 p.m.7 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score0.00125EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/08 1:16 p.m.3 views

UBUNTU-CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References3
nvd
nvd
added 2026/07/07 8:16 a.m.12 views

CVE-2026-7380

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
cve
cve
added 2026/07/07 7:25 a.m.14 views

CVE-2026-8377

CVE-2026-8377 affects Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2. The vulnerability is described as Missing/Improper Authorization allowing data collection from common resource locations. According to the connected records, the issue enables network-ba...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 7:25 a.m.34 views

CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS0.00198EPSS
Exploits0References1
cve
cve
added 2026/07/07 7:2 a.m.14 views

CVE-2026-8306

CVE-2026-8306 describes a Stored XSS in Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2, caused by improper neutralization of input during web page generation. The vulnerability allows stored cross-site scripting in the GKS web interface. CVSS3.1 base score...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 7:2 a.m.8 views

EUVD-2026-42017

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 7:2 a.m.5 views

CVE-2026-8306

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 7:2 a.m.32 views

CVE-2026-8306 Stored XSS in Armiya Technologies' Access Control System

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
cve
cve
added 2026/07/07 6:57 a.m.13 views

CVE-2026-7380

The CVE-2026-7380 entry concerns Armiya Information Technologies Ltd. Co. Access Control System (GKS). It describes an improper neutralization of Script-Related HTML tags in a web page, enabling basic HTML attribute-based XSS. Affected: GKS Access Control System before version 2. The vulnerabilit...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
euvd
euvd
added 2026/07/07 6:57 a.m.8 views

EUVD-2026-42016

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
nvd
nvd
added 2026/07/07 4:17 a.m.10 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.14 views

PT-2026-56173

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...

6.8CVSS6.1AI score0.00092EPSS
Exploits0References9
Rows per page
Query Builder