Lucene search
K

219774 matches found

Snyk
Snyk
added 2026/05/07 12:59 a.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.5 views

External Control of File Name or Path

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:8 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of search queries involving hasparent or haschild join relations when document-level security is enabled. An attacker can gain unauthorized access to restricted document contents by crafting...

6CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

WordPress plugin PDF Poster 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

AlmaLinux 10 : kernel (ALSA-2026:13566)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13566 advisory. kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of service or privilege escalation CVE-2026-23270 kernel: nfsd: fix hea...

9.8CVSS6.4AI score0.96775EPSS
Exploits228References6
OSV
OSV
added 2026/05/07 12:0 a.m.6 views

MAL-2026-3640 Malicious code in camelotlabs-config (npm)

Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.7 views

PT-2026-41472

Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw in the OpenSearch Security plugin occurs during the handling of index rollover requests. When a request includes an explicit target index name, the...

2.2CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38423

Name of the Vulnerable Software and Affected Versions Liderahenk versions 2.0.1 through 2.0.1 Description An Origin Validation Error in the application allows attackers to bypass Access Control Lists ACLs, which are sets of rules that define permissions for users or systems. This flaw enables...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Yarbo 访问控制错误漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.10 views

PT-2026-38455

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote unauthenticated attacker to invoke arbitrary methods. Recommendations Upda...

9.8CVSS6AI score0.00819EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Snipe-IT 访问控制错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...

9.8CVSS6.1AI score0.00475EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38460

Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The embedded MQTT broker is configured to permit anonymous connections and lacks topic-level read or write Access Control Lists ACLs. This allows any host on the same network to subscribe to sensitive...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

Microsoft Azure AI Foundry M365 published agents 访问控制错误漏洞

Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...

10CVSS5.8AI score0.01164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38356

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38368

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38451

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote authenticated attacker to gain administrative access. Recommendations Upda...

8.8CVSS6AI score0.00714EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38365

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

DivvyDrive 安全漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive prior to 4.8.3.2 contained security vulnerabilities. These vulnerabilities stemmed from improper control over modifications to object properties and unlimited resource...

8.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder