Lucene search
K

442 matches found

CVE
CVE
added last week9 views

CVE-2026-13020

CVE-2026-13020 affects Esri Portal for ArcGIS up to version 12.1 on Windows, Linux, and Kubernetes. A weak password-recovery mechanism lets a remote, unauthenticated attacker potentially take ownership of a user account by manipulating the recovery flow. The vulnerability’s impact is described as...

9.8CVSS6AI score0.00234EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added last week7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.12 views

PT-2026-56205

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions prior to 12.2 Description A weak password recovery mechanism for forgotten passwords allows a remote, unauthorized attacker to assume ownership of a user account by manipulating the recovery process...

9.8CVSS6.1AI score0.00234EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.4AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS5.6AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 7:16 a.m.13 views

CVE-2026-50205

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:43 a.m.10 views

EUVD-2026-34217

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46156

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:9 p.m.10 views

CVE-2026-45716

Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...

8.8CVSS6AI score0.00261EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.1 contained security vulnerabilities. These vulnerabilities stemmed from the POST...

8.8CVSS5.8AI score0.00261EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 5:42 p.m.30 views

Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration

Summary The POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances, this endpoint bypasses the admin-restricted invite flo...

8.8CVSS6AI score0.00261EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.17 views

PT-2026-41795

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1 Description An issue exists in the "POST /api/global/users/onboard" endpoint, which is protected by the workspaceBuilderOrAdmin middleware. This allows users with builder permissions to access the endpoint. In...

8.8CVSS5.9AI score0.00261EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/13 6:53 p.m.7 views

CVE-2026-41132 CKAN: No certificate validation on STMP connection

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 12:32 p.m.11 views

EUVD-2026-29047

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 10:16 a.m.20 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS0.00495EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:32 a.m.6 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS6.1AI score0.00495EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 9:32 a.m.8 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 9:32 a.m.23 views

CVE-2026-41951

The vulnerability CVE-2026-41951 affects GROWI up to v7.5.0, where a path traversal flaw could let an attacker cause the server to execute arbitrary EJS templates when an email server is running. The issue is documented in multiple sources (NVD/CVE entries) with CVSS v3.0/4.0 base scores of 7.2/8...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-39589

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References3
Rows per page
Query Builder