Lucene search
K

219900 matches found

Cvelist
Cvelist
added 2026/04/30 6:22 p.m.37 views

CVE-2026-40600 Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...

8.1CVSS0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 6:21 p.m.4 views

CVE-2026-40595 Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

7.5CVSS5.3AI score0.00275EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 6:21 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the options.WithCommit process. An attacker can cause loss of data consistency by relying on the transaction commit flag without the transaction actually being committed. Workaround This...

6.9CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 6:20 p.m.29 views

CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 3:7 p.m.30 views

CVE-2026-5174 Improper Access Control Vulnerability in Progress MOVEit Automation

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

7.7CVSS0.03241EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 2:53 p.m.7 views

CVE-2026-7500 Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS5.3AI score0.00232EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/30 2:53 p.m.35 views

CVE-2026-7500 Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4CVSS0.00232EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.9 views

CVE-2026-42644

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper BetterDocs betterdocs allows Retrieve Embedded Sensitive Data.This issue affects BetterDocs: from n/a through = 4.3.10...

5.3CVSS5.2AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:48 p.m.5 views

CVE-2026-7402

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

8.1CVSS5.2AI score0.00378EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/04/30 12:36 p.m.20 views

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/30 11:30 a.m.5 views

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center TRC in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating...

6.8AI score
Exploits0
EUVD
EUVD
added 2026/04/30 8:36 a.m.6 views

EUVD-2026-26358

Out-of-bounds read vulnerability in ASR Kestrel nrfw modules allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nrfw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10...

7.4CVSS5.2AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 8:36 a.m.12 views

CVE-2026-42799

CVE-2026-42799 describes an out-of-bounds read in the ASR Kestrel software (nr_fw modules), specifically affecting the file path Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. The published records indicate this affects Kestrel versions prior to 2026/02/10. The issue is classified with a high impact on confid...

9.8CVSS5.2AI score0.00277EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/30 8:4 a.m.5 views

MAL-2026-3197 Malicious code in sdoihgio9sudghsiudbg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61f008a0a874bc97bef2f5d2c59d64b4ae73b7cdb66970e5f82a5abb8186372d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/30 8:4 a.m.7 views

Malicious code in sdoihgio9sudghsiudbg (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61f008a0a874bc97bef2f5d2c59d64b4ae73b7cdb66970e5f82a5abb8186372d During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

6AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/30 7:12 a.m.64 views

Agent389

Agent389 Agent389 is a professional, high-fidelity LDAP inje...

5.3AI score
Exploits0
Veracode
Veracode
added 2026/04/30 3:15 a.m.13 views

Improper Access Control

Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP host request matcher when large host lists are configured, allowing attackers to modify the casing of the Host header and bypass host-based routing or associated access...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4Affected Software2
SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.7 views

SUSE CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

6.5CVSS5.3AI score0.0017EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/30 1:30 a.m.12 views

[SECURITY] Fedora 42 Update: miniupnpd-2.3.10-1.fc42

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS
Exploits0
NVD
NVD
added 2026/04/30 1:16 a.m.5 views

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has bee...

7.5CVSS0.00356EPSS
Exploits0References5
Rows per page
Query Builder