Lucene search
K

4374 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45474

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files into other end-to-e...

3.5CVSS5.7AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.20 views

Dassault Systèmes Teamwork Cloud和Dassault Systèmes Magic Collaboration Studio 安全漏洞

Dassault Systèmes Teamwork Cloud and Dassault Systèmes Magic Collaboration Studio are both products of Dassault Systèmes, a French company. Dassault Systèmes Teamwork Cloud is a collaborative model version control and storage platform. Dassault Systèmes Magic Collaboration Studio is a cloud-based...

9.8CVSS6.1AI score0.00543EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

TREK 安全漏洞

TREK is a self-hosted, real-time collaboration travel planning tool developed by Maurice’s individual developer. It supports map management, budget tracking, and itinerary management. Versions of TREK prior to 3.0.18 contained security vulnerabilities. These vulnerabilities stemmed from the login...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/27 3:19 p.m.117 views

wingman

/|\ / | ...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

UFO³ 安全漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...

6.3CVSS5.8AI score0.00276EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:57 p.m.9 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto (CVE-2025-14813, CVE-2026-5598)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto CVE-2025-14813, CVE-2026-5598. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

9.9CVSS7AI score0.00691EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

OPPO O+ Connect 安全漏洞

OPPO O+ Connect is a multi-device connectivity and data collaboration platform developed by OPPO Corporation in China. There is a security vulnerability in OPPO O+ Connect, which stems from the failure to verify the identity of the caller on the pipeline interface, potentially leading to an...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/16 12:30 p.m.50 views

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS0.00237EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

WordPress plugin Multicollab: Content Team Collaboration and Editorial Workflow 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 6:23 p.m.9 views

EUVD-2026-30589

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:23 p.m.7 views

CVE-2026-44718

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.8 views

Mathesar 安全漏洞

Mathesar is an open-source PostgreSQL data collaboration and editing tool developed by the Mathesar Foundation. Versions of Mathesar from 0.2.0 to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification that the requesting user was indeed a database...

5.3CVSS5.8AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 8:16 p.m.8 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS0.00366EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 7:30 p.m.12 views

EUVD-2026-29792

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:30 p.m.7 views

CVE-2026-42889

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/12 7:30 p.m.17 views

CVE-2026-42889

Summary (CVE-2026-42889): Relay Server (used with Obsidian) versions 0.9.0–0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were treated as having full server permissions, all...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 6:51 p.m.9 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch (CVE-2026-33671, CVE-2026-33672)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch CVE-2026-33671, CVE-2026-33672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior...

7.5CVSS6AI score0.00412EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/05/12 5:18 a.m.14 views

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption E2EE to Rich Communication Services RCS in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users runnin...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40422

Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...

9.1CVSS5.8AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39281

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The ydoc:document:update Socket.IO event handler fails to verify if a sender has write permissions, checking only if the sender is a member of the document's Socket.IO room. Users with read-only...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References4
Rows per page
Query Builder