Lucene search
K

308 matches found

CVE
CVE
added 5 days ago10 views

CVE-2026-57252

CVE-2026-57252 affects Foxit PDF Editor/Reader when handling AcroForm operations during PDF loading—specifically during JavaScript-based page deletion and removal of attachment annotations. This triggers a use-after-free condition on invalid pointers within the attachment panel, causing the appli...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2026/06/30 10:8 p.m.16 views

CVE-2026-56286

Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re‑authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF, or parameter tampering, leading to unauthorized...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52514

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...

7.3CVSS5.9AI score0.0027EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/22 12:17 p.m.31 views

CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS0.00361EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 12:17 p.m.14 views

CVE-2026-56424

CVE-2026-56424 affects MISP core and describes multiple broken access-control flaws where authorization checks target the wrong entity or where ownership checks are missing on write paths. In affected subsystems, a lower-privileged authenticated user with relevant feature permissions could cause ...

8.8CVSS5.9AI score0.00361EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:17 p.m.5 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/12 11:51 a.m.9 views

EUVD-2026-36412

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.2AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48859

Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...

8.4CVSS5.3AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:27 p.m.18 views

CVE-2026-47163

Quest Bot prior to v1.0.1 allowed any guild member who can invoke slash commands to use /automod add, /automod remove, and /automod list due to missing Discord default permission and runtime moderator checks. An attacker could add a rule matching common text and cause the bot to delete other user...

7.2CVSS5.4AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

Quest Bot 安全漏洞

Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...

8.3CVSS5.3AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.10 views

CVE-2026-53738

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from unauthorized backend users having access to write operations on the root directory of active files. This can lead to unauthorized moves,...

7.2CVSS5.4AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.5AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:23 p.m.43 views

CVE-2026-45682 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...

5.1CVSS0.00161EPSS
Exploits1References2
NVD
NVD
added 2026/05/28 8:16 p.m.13 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

7.3CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:33 p.m.7 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/28 7:33 p.m.10 views

EUVD-2026-33009

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44489

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description A path traversal issue exists in the dashboard management functionality. An authenticated user with limited permissions can create a dashboard using a specially crafted identifier. If an...

7.3CVSS5.8AI score0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:56 a.m.7 views

CVE-2026-40836

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a...

7.1CVSS6AI score0.00223EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2026/05/26 2:8 p.m.48 views

CVE-2026-42425 OpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQuery

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the...

8.6CVSS0.00641EPSS
Exploits0References7
Rows per page
Query Builder