Lucene search
+L

200007 matches found

Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-8635 Arbitrary Code Execution in Python Interpreter Component

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions...

9.9CVSS
Exploits0References1
CVE
CVE
added 2 hours ago15 views

CVE-2026-8635

Security bulletin confirms CVE-2026-8635 affects Langflow OSS versions 1.0.0–1.10.0 where an authenticated user can exploit the Python Interpreter component to execute arbitrary code, bypass controls, and escalate to superuser by manipulating the database, potentially compromising the Langflow se...

9.9CVSS5.7AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-9135 Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2 hours ago3 views

AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.2AI score0.00305EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2 hours ago4 views

GHSA-MHWW-P97M-3368 AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References6
NVD
NVD
added 2 hours ago6 views

CVE-2026-48008

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS0.00034EPSS
Exploits0References5
NVD
NVD
added 2 hours ago7 views

CVE-2025-59866

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...

3.3CVSS
Exploits0References1
CVE
CVE
added 3 hours ago25 views

CVE-2026-48014

Summary: CVE-2026-48014 affects Shopware open commerce platforms prior to 6.6.10.18 and 6.7.10.1, where Admin API order state transition routes (/api/_action/order/{orderId}/state/{transition} and related endpoints) could bypass ACL checks. The routes did not declare PlatformRequest::ATTRIBUTE_AC...

6.5CVSS5.3AI score0.00041EPSS
Exploits0References5
Cvelist
Cvelist
added 3 hours ago9 views

CVE-2026-48010 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, UserController::upsertUser in src/Core/Framework/Api/Controller/UserController.php writes raw user data in SYSTEMSCOPE without filtering the admin field, so a non-admin API user with user:create or user:update ACL permission...

6.5CVSS0.00034EPSS
Exploits0References5
CVE
CVE
added 3 hours ago20 views

CVE-2026-48010

Summary: CVE-2026-48010 affects Shopware core prior to versions 6.6.10.18 and 6.7.10.1. The vulnerability arises when UserController::upsertUser() writes raw request data in SYSTEM_SCOPE without filtering the admin field, allowing a non-admin API user with user:create or user:update ACL to set ad...

6.5CVSS5.3AI score0.00034EPSS
Exploits0References5
Cvelist
Cvelist
added 3 hours ago7 views

CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS0.00034EPSS
Exploits0References5
CVE
CVE
added 3 hours ago20 views

CVE-2026-48008

Shopware vulnerability CVE-2026-48008 describes privilege escalation via the Sync API. A non-admin API user with integration:create can set admin: true when creating an integration through POST /api/_action/sync, bypassing the normal admin-check that blocks admin flag on POST /api/integration. Th...

6.5CVSS5.4AI score0.00034EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-48008 Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS5.3AI score0.00034EPSS
Exploits0References5
EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45237

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...

6.5CVSS5.4AI score0.00034EPSS
Exploits0References5
EUVD
EUVD
added 3 hours ago4 views

EUVD-2025-210480

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...

3.3CVSS5.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 3 hours ago4 views

CVE-2025-59866

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...

3.3CVSS5.4AI score
Exploits0References1
CVE
CVE
added 3 hours ago5 views

CVE-2025-59866

The CVE concerns HCL DFMPro, DFXAnalytics, and DFXServer installers suffering from Insecure file permissions that allow a logged-in non-administrative user to overwrite or replace the executable with a malicious binary. The underlying cause is unrestricted or insecure permissions on the installer...

3.3CVSS5.4AI score
Exploits0References1
NVD
NVD
added 3 hours ago4 views

CVE-2026-16106

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added 8 hours ago7 views

kernel: rtmutex: Use waiter::task instead of current in remove_waiter()

A flaw was found in the Linux kernel. When the kernel's real-time mutex rtmutex component performs a specific operation called 'proxy-lock rollback' during futex requeue, it incorrectly handles task pointers. This can lead to a 'Use-After-Free' UAF vulnerability, where the system attempts to use...

7.8CVSS6.7AI score0.00125EPSS
Exploits24References6
BDU FSTEC
BDU FSTEC
added 9 hours ago16 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
Rows per page
Query Builder