Lucene search
K

2890 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 4:56 p.m.5 views

CVE-2026-20042

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

6.5CVSS6.1AI score0.00293EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/02 12:0 a.m.4 views

Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure

Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/04/02 12:0 a.m.19 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29820

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.19.0 through 3.6.5, Mbed TLS version 4.0.0 Description A flaw exists in Mbed TLS that, due to insufficient protection of serialized SSL context or session structures, could allow an attacker who can modify these structures ...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References15
OSV
OSV
added 2026/04/01 10:9 p.m.4 views

GHSA-8FQ3-C5W3-PJ3Q CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deactivation Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/01 10:8 p.m.7 views

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/01 10:8 p.m.6 views

GHSA-4VXV-4XQ4-P84H CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)

Summary Vulnerability: Improper Session Invalidation on Account Deletion Broken Access Control / Logic Flaw - This vulnerability is caused by a backend logic flaw that maintains a false trust assumption that already-authenticated users remain trustworthy, even after their accounts are explicitly...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/01 10:4 p.m.6 views

EUVD-2026-18076

CI4MS: Menu Management Pages Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

9.1CVSS5.8AI score0.00307EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/01 9:40 a.m.5 views

firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

10CVSS7.1AI score0.00531EPSS
Exploits0References6
OSV
OSV
added 2026/04/01 8:35 a.m.6 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References3
OSV
OSV
added 2026/04/01 12:9 a.m.4 views

GHSA-V77R-XG3P-75G7 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...

9.1CVSS6.3AI score0.00307EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 3:15 a.m.5 views

CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS0.00459EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/31 1:46 a.m.4 views

CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Act 安全漏洞

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 have security vulnerabilities. These vulnerabilities stem from the built-in actions/cache server, which listens to all interface connections. This could lead to arbitrary cache creation and retrieval,...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/30 10:34 p.m.2 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Methods Management process. An attacker can execute arbitrary JavaScript code in the context of administrative interfaces and global...

9.1CVSS6AI score0.00307EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.10 views

ZTE ZXHN H188A 安全漏洞

The ZTE ZXHN H188A is a home gateway router device produced by ZTE Corporation. Both the ZTE ZXHN H188A V6.0.10P2TE version and the V6.0.10P3N3TE version contain security vulnerabilities. These vulnerabilities stem from unvalidated wizard interfaces, which may allow local network attackers to...

7.1CVSS5.8AI score0.08943EPSS
Exploits3References3
Microsoft CVE
Microsoft CVE
added 2026/03/28 8:1 a.m.6 views

etcd: Authorization bypasses in multiple APIs

...

8.8CVSS5.8AI score0.00249EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/27 7:35 p.m.11 views

act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

8.2CVSS6.5AI score0.00459EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/27 7:35 p.m.3 views

GHSA-X34H-54CW-9825 act: actions/cache server allows malicious cache injection

act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it — including someone anywhere on the internet — to create caches with arbitrary keys and retrieve all existing caches. If one can predict which cache keys will be used by local...

8.2CVSS6.5AI score0.00459EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/27 4:24 p.m.4 views

CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References2
Rows per page
Query Builder