Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/04/16 11:56 p.m.26 views

CVE-2026-40265 Note Mark has Broken Access Control on Asset Download

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/noteID/assets/assetID is registered without authentication middleware, and the backend query does not verify ownership or book visibility. An unauthenticated user who knows...

5.9CVSS0.00409EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.3 views

EulerOS Virtualization 2.12.1 : aide (EulerOS-SA-2026-1415)

According to the versions of the aide package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability i...

6.2CVSS5.9AI score0.00216EPSS
Exploits2References3
Amazon
Amazon
added 2026/03/06 12:0 a.m.5 views

Low: aide

Issue Overview: AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute...

6.2CVSS5.8AI score0.00216EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

Amazon Linux 2023 : aide (ALAS2023-2026-1462)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1462 advisory. AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or...

6.2CVSS5.8AI score0.00216EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24862

Malicious code in bioql PyPI...

6.2CVSS6.2AI score0.0021EPSS
Exploits1References3
NVD
NVD
added 2025/08/14 4:15 p.m.5 views

CVE-2025-54409

AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...

6.2CVSS0.00216EPSS
Exploits1References5
OSV
OSV
added 2025/08/13 7:45 p.m.5 views

GHSA-FCXQ-V2R3-CC8H External Secrets Operator's Missing Namespace Restriction Allows Unauthorized Secret Access

Summary A vulnerability was discovered in the External Secrets Operator where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read...

7.1CVSS6.3AI score0.00348EPSS
Exploits0References7
Rows per page
Query Builder