Lucene search
K

61341 matches found

Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.12 views

PT-2026-49073

Name of the Vulnerable Software and Affected Versions abrt-dbus affected versions not specified Description A time-of-check time-of-use TOCTOU race condition exists in the SetElement method of the abrt-dbus D-Bus service. A TOCTOU race condition occurs when a program checks a condition such as a...

7.8CVSS5.6AI score0.00103EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.14 views

PT-2026-49092

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The KVM/QEMU monitoring engine in the glances/plugins/vms/engines/virsh.py file fails to sanitize VM domain names retrieved from the virsh list --all output. These names are passed into f-string...

7.8CVSS6.3AI score0.00213EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create...

7.8CVSS5.6AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 11:9 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the shell wrapper argv. An attacker can execute unauthorized commands by modifying command arguments after allowlist approval but befor...

8.8CVSS5.5AI score0.00982EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 11:9 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the system.run safe-bin allowlist validation. An attacker can access arbitrary files and expose sensitive configuration data by injecti...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.11 views

CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS0.00261EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:53 p.m.7 views

GHSA-J9JX-HP4C-GHHH File Browser has incorrect access control for public directory shares via rule path rebasing

Summary File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the owner's global and per-user rules using the rebased relative path instead of the original path relative to the owner's scope. As a result, a...

7.5CVSS5.6AI score0.00471EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 9:16 p.m.9 views

CVE-2026-54394

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS0.00319EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/12 9:7 p.m.14 views

File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

8.4CVSS5.5AI score0.00175EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/06/12 9:7 p.m.5 views

GHSA-3Q2P-72CJ-682C File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

Summary This is similar vulnrability of CVE-2026-0035, which was fixed in Android MediaProvider with high severity. In the original Java issue, MediaStore.createWriteRequest accepted attacker-controlled URIs and created a future grant even when the referenced media item did not exist yet. The...

7.1CVSS5.6AI score0.00175EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.7 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:2 p.m.25 views

CVE-2026-47120

CVE-2026-47120 affects Nezha Monitoring: from v1.4.0 to before v2.0.8, a RoleMember can trigger other users’ cron tasks via AlertRule.FailTriggerTasks without ownership checks, enabling admin cron commands to run on all servers. The issue is resolved in v2.0.8. Exploitation details in connected s...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:2 p.m.28 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:55 p.m.6 views

CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:55 p.m.8 views

EUVD-2026-36577

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1CVSS5.2AI score0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:30 p.m.7 views

CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS5.5AI score0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:30 p.m.23 views

CVE-2026-54394

The CVE-2026-54394 entry describes a path traversal vulnerability in MISP's OrganisationsController::getOrgLogo. The vulnerable code constructs paths to organisation logos using fields like id, name, and uuid without enforcing that the resolved path stays under APP/files/img/orgs/. An attacker ab...

5.3CVSS5.6AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:24 p.m.8 views

EUVD-2026-36557

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.3AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 8:16 p.m.13 views

CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS0.00072EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:16 p.m.4 views

UBUNTU-CVE-2026-54055

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS
Exploits0References3
Rows per page
Query Builder