219834 matches found

OSV
added 2026/05/04 12:30 a.m., 6 views

GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.3 CVSS, 6.7 AI score, 0.00284 EPSS
Exploits: 0, References: 6
Github Security Blog
added 2026/05/04 12:30 a.m., 19 views

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5 CVSS, 6.7 AI score, 0.00284 EPSS
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2026/05/04 12:16 a.m., 6 views

CVE-2026-6948

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel...

4.9 CVSS, 0.00344 EPSS
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/04 12:1 a.m., 8 views

Malicious code in @w3m-app/is_connected (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/is_connected was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/04 12:1 a.m., 5 views

Malicious code in @bcs-bank-react-ui/swiper-slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2026/05/04 12:1 a.m., 7 views

MAL-2026-3268 Malicious code in @bcs-mi/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...

5.8 AI score
Exploits: 0, References: 1
CNNVD
added 2026/05/04 12:0 a.m., 12 views

GeoVision GV-IP Device Utility security vulnerability

The GeoVision GV-IP Device Utility is a network configuration tool developed by the Chinese company GeoVision, designed for discovering and managing IP monitoring devices. Version 9.0.5 of the GeoVision GV-IP Device Utility contains a security vulnerability. This vulnerability stems from...

9.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/04 12:0 a.m., 9 views

PT-2026-36844

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: Memory corruption occurs when another driver calls an IOCTL (Input/Output Control, which is a device driver communication mechanism) using an invalid input or...

7.8 CVSS, 5.8 AI score, 0.00075 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/05/04 12:0 a.m., 8 views

FunAdmin access control error vulnerability

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...

7.5 CVSS, 7.1 AI score, 0.00294 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/04 12:0 a.m., 9 views

Nginx UI access control error vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...

9.8 CVSS, 5.8 AI score, 0.00339 EPSS
Exploits: 1, References: 2
CNNVD
added 2026/05/04 12:0 a.m., 10 views

MindsDB access control error vulnerability

MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained an access control vulnerability. This vulnerability stemmed fro...

7.5 CVSS, 7.1 AI score, 0.00284 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/04 12:0 a.m., 8 views

PT-2026-36841

Memory corruption when processing camera sensor input/output control codes with invalid output buffers...

7.8 CVSS, 5.8 AI score, 0.00075 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/04 12:0 a.m., 7 views

PT-2026-36842

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...

6.1 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/04 12:0 a.m., 9 views

Rdiffweb access control error vulnerability

Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...

8.1 CVSS, 5.8 AI score, 0.00245 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/04 12:0 a.m., 7 views

Code-Projects BloodBank Managing System access control error vulnerability

The Code-Projects BloodBank Managing System is an open-source blood bank management system developed by Code-Projects. Version 1.0 of the code-projects BloodBank Managing System contains a vulnerability related to access control. This vulnerability stems from an unlimited upload function in the...

6.5 CVSS, 6.7 AI score, 0.00206 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/05/04 12:0 a.m., 8 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, and these vulnerabilities stem from the lack of verification of buffer size when processing IOCTL handler callbacks, which may lead to...

6.1 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 1
OSV
added 2026/05/04 12:0 a.m., 14 views

ALSA-2026:13565 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136); kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...

9.8 CVSS, 6.1 AI score, 0.96775 EPSS
Exploits: 228, References: 10
CNNVD
added 2026/05/04 12:0 a.m., 8 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from processing IOCTL commands when the device is in power-saving mode, resulting in memory corruption...

7.8 CVSS, 5.8 AI score, 0.00071 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/04 12:0 a.m., 11 views

PT-2026-36884

Name of the Vulnerable Software and Affected Versions: titra version 0.99.52. Description: The globalsettings Meteor publication returns all global settings without performing administrative or role-based access checks. This allows any authenticated user to subscribe via DDP Distributed Data Protoco...

6.5 CVSS, 5.8 AI score, 0.00219 EPSS
Exploits: 0, References: 4
OSV
added 2026/05/04 12:0 a.m., 16 views

ALSA-2026:13566 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of service or privilege escalation (CVE-2026-23270); kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...

9.8 CVSS, 6.1 AI score, 0.96775 EPSS
Exploits: 228, References: 10