Lucene search
K

10150 matches found

OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53283

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.7 views

CVE-2026-44731

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 7:41 p.m.13 views

CVE-2026-44731

OpenProject contains an input leakage in the web application’s meetings filter feature that lets an attacker determine whether a user ID is valid and view the user’s full name, enabling enumeration of existing accounts. The issue occurs before versions 17.3.2 and 17.4.0 and is resolved by upgradi...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.26 views

CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:2 p.m.14 views

CVE-2026-56823

The CVE-2026-56823 affects AutoGPT: the POST /api/integrations/webhooks/{webhook_id}/ping endpoint authenticates by primary key only, allowing an authenticated user to enumerate webhook existence, leak the OAuth provider type, and potentially trigger a ping on behalf of another user due to insuff...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 4:2 p.m.33 views

CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...

5.4CVSS0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52900

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description The meetings filter feature in the web application allows an attacker to enumerate existing user accounts by probing user IDs and observing differences in...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5347 OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration in github.com/OliveTin/OliveTin...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:18 p.m.3 views

GHSA-R4V7-6WCG-GHJ5 FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks

Summary The /api/auth/login endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerability...

6.5CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:10 p.m.5 views

EUVD-2026-39526

Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to RememberMeSessionModel::remove, allowing authenticated users to delete other users' Remember Me sessions. Attackers can enumerate sequential session...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into...

6AI score0.00172EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 9:38 p.m.14 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/24 5:41 p.m.8 views

EUVD-2026-36907

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration...

3.7CVSS5.8AI score0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 5:41 p.m.4 views

GHSA-F637-W7P2-M7FX OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration

Summary The ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not call auth.UserFromApiCall or checkDashboardAccess. When AuthRequireGuestsToLogin is enabled the...

3.7CVSS5.9AI score0.00328EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:29 p.m.7 views

CVE-2026-53022

The CVE-2026-53022 issue affects the Linux kernel (platform/x86: dell-wmi-sysman). The vulnerability arises in populate_enum_data(), where firmware-provided value-modifier and possible-value strings are appended with raw strcat() into fixed 512-byte members, after per-source bounds checks, enabli...

5.8AI score0.00172EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57299

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

4.3CVSS0.00167EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.8 views

CVE-2026-57293

An incorrect permission check in Jenkins Gitee Plugin 1288.v18bdebc9069b and earlier allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.10 views

EUVD-2026-38780

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

5.9AI score0.00167EPSS
Exploits0References1
Rows per page
Query Builder