Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39374

Plane is an an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project member ADMIN or MEMBER to modify the startdate and targetdate of ANY issue across the entire Plane instance, regardless of workspace or project membership. The endpoint fetches...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 8:28 p.m.40 views

CVE-2026-44232 dssrf: every IPv6 category bypasses is_url_safe

DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3, every IPv6 category bypasses isurlsafe. This vulnerability is fixed in 1.0.3...

8.7CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/22 7:23 p.m.5 views

CVE-2026-34062 Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...

5.3CVSS5.8AI score0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 7:32 p.m.4 views

CVE-2026-39362 InvenTree has SSRF via Remote Image Download — No IP/Hostname Validation on remote_image URLs

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREEDOWNLOADFROMURL is enabled opt-in, authenticated users can supply remoteimage URLs that are fetched server-side via requests.get with only Django's URLValidator check. There is no validation against...

5.3CVSS5.8AI score0.00233EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 6:16 p.m.11 views

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

8.1CVSS0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/03 10:9 p.m.5 views

EUVD-2026-18891

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors lim...

7.5CVSS5.9AI score0.00461EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 4:24 a.m.27 views

CVE-2026-32953

Tillitis TKey Client (Go module tkeyclient) versions

4.7CVSS5.9AI score0.00246EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/01/06 6:26 a.m.8 views

WordPress BuddyPress Xprofile Custom Field Types plugin <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin BuddyPress Xprofile Custom Field Types versions = 1.2.8...

7.2CVSS6.8AI score0.00615EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder