Lucene search
K

59487 matches found

NVD
NVD
added 2026/05/11 9:18 p.m.9 views

CVE-2026-28924

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

7.5CVSS0.00306EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 8:8 p.m.8 views

CVE-2026-28924

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

5.8AI score0.00306EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.28 views

CVE-2026-28924

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

0.00306EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 8:8 p.m.15 views

CVE-2026-28924

A race condition involving symbolic-link handling in macOS was fixed. The CVE CVE-2026-28924 notes that an app could access Contacts without user consent, and Apple mitigated this by shipping fixes in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The connected advisories corrob...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/11 5:23 p.m.14 views

MAL-2026-3429 Malicious code in openai-spellchecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 13911c4c1e0334b4e4d972e3b3256a08f8991d3935d74086c252ed085d3984a0 The package hides code to download and execute a next-stage payload, which then communicates with C2 and listens for next code parts. In the analyzed version,...

6AI score
Exploits0References3
Fedora
Fedora
added 2026/05/11 1:3 a.m.27 views

[SECURITY] Fedora 43 Update: nextcloud-33.0.3-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.4AI score0.01815EPSS
Exploits15
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39787

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent...

5.8AI score0.00306EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/10 3:23 a.m.39 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.01815EPSS
Exploits15
Fedora
Fedora
added 2026/05/10 2:55 a.m.34 views

[SECURITY] Fedora 44 Update: nextcloud-33.0.3-1.fc44

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.01815EPSS
Exploits15
Cvelist
Cvelist
added 2026/05/08 9:12 p.m.33 views

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 7:18 p.m.12 views

MAL-2026-3370 Malicious code in sufiagent (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

5.9AI score
Exploits0References1
NVD
NVD
added 2026/05/07 4:16 a.m.16 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS0.00322EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 2:58 a.m.15 views

EUVD-2026-28266

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 2:58 a.m.9 views

CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 2:58 a.m.6 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

Admidio 安全漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio prior to 5.0.9 contained security vulnerabilities. These vulnerabilities...

4.9CVSS5.8AI score0.00322EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 1:42 p.m.12 views

Malicious code in metoopro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/03 1:42 p.m.15 views

MAL-2026-3247 Malicious code in metoopro (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6e089d4b8b0fe90a96024c1160f198df5ab7ec0b30f1f5765cf81ef4aa640279 Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/29 9:44 p.m.37 views

Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.7AI score0.00322EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/29 9:44 p.m.6 views

GHSA-G8P8-94F2-28GR Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php

Summary The contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring roladministrator=true and the contactsshowall system setting. A user manager...

4.9CVSS5.9AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder