Lucene search
+L

3399 matches found

CNNVD
CNNVD
added 2026/04/04 12:0 a.m.12 views

Electron 数据伪造问题漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.1,...

6.5CVSS5.7AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.5 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.16 views

core-rs-albatross 数据伪造问题漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross had a data manipulation vulnerability. This vulnerability stemmed from the lack of checking the interlink bindings of election macroblocks, which could lead to the...

6.5CVSS5.7AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 8:16 p.m.3 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS0.00546EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:55 p.m.1 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/02 6:55 p.m.4 views

EUVD-2026-18542

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References2
OSV
OSV
added 2026/04/02 6:55 p.m.2 views

CVE-2026-35053 OneUptime: Unauthenticated Workflow Execution via ManualAPI

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References4
CVE
CVE
added 2026/04/02 6:55 p.m.43 views

CVE-2026-35053

OneUptime prior to v10.0.42 exposes unauthenticated access in the Worker service ManualAPI endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId, allowing an attacker who can obtain or guess a workflowId to trigger arbitrary workflow execution with attacker-cont...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2025-13855

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.8CVSS6AI score0.00253EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29883

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description The OneUptime platform's Worker service ManualAPI exposes workflow execution endpoints without authentication. Specifically, the GET and POST endpoints /workflow/manual/run/:workflowId are...

9.8CVSS6.3AI score0.00546EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

OneUptime 数据伪造问题漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained a data manipulation vulnerability. This vulnerability stemmed from the separation of signature verification and identity...

8.1CVSS5.7AI score0.00264EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.14 views

rauc 数据伪造问题漏洞

RAUC is a security update controller for open-source embedded Linux systems developed by RAUC. Versions of RAUC prior to 1.15.2 had a data manipulation vulnerability. This vulnerability arises from using plaintext formats, and when a RAUC bundle with an effective payload size exceeding 2 GiB is...

7.2CVSS5.7AI score0.00141EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.12 views

jose 数据伪造问题漏洞

Jose is a JavaScript module developed by Filip Skokan for JSON object signing and encryption. Versions of JOSE prior to 0.3.5+1 contained a data manipulation vulnerability. This vulnerability arises from the possibility that key selection may treat the jwk embedded in the JOSE header as a...

7.5CVSS5.7AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

OpenOLAT 数据伪造问题漏洞

OpenOLAT is an open-source web-based e-learning platform used for teaching, learning, assessment, and communication. It serves as a Learning Management System. Versions of OpenOLAT from 10.5.4 to 20.2.5 contained a data manipulation vulnerability. This vulnerability stemmed from the implicit flow...

9.8CVSS5.7AI score0.00206EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/03/27 2:21 p.m.2 views

Security update for redis

This update for redis fixes the following issue: a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/27 2:21 p.m.1 views

SUSE-SU-2026:1122-1 Security update for redis

This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.6 views

CVE-2026-34051

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

5.4CVSS5.8AI score0.00215EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.13 views

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of TLS in JavaScript by the American company Digital Bazaar, and it serves as an open-source tool for developing encrypted and network-intensive web applications. Versions of Digital Bazaar Forge prior to 1.4.0 contained a data manipulation...

7.5CVSS5.7AI score0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.8 views

CVE-2025-20005

Improper buffer restrictions in some UEFI firmware for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access whe...

5.6CVSS5.9AI score0.00095EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-20096

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when...

5.9CVSS5.8AI score0.00137EPSS
Exploits0References1
Rows per page
Query Builder