Lucene search
K

224 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-9820

Mattermost versions 11.7.x <= 11.7.2 and 10.11.x

3.8CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago8 views

CVE-2026-57026

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS0.00461EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-57026

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS5.9AI score0.00461EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57026 Junos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invite causes a flowd crash

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS0.00461EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56980

Name of the Vulnerable Software and Affected Versions Junos OS on MX Series with SPC3 and SRX Series versions prior to 23.2R2-S7 Junos OS on MX Series with SPC3 and SRX Series versions 23.4 prior to 23.4R2-S8 Junos OS on MX Series with SPC3 and SRX Series versions 24.2 prior to 24.2R2-S5 Junos OS...

8.7CVSS6.1AI score0.00461EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 7:17 p.m.8 views

CVE-2026-54320

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 6:23 p.m.12 views

EUVD-2026-32606

Budibase: Unanchored Regex in matchers.ts Allows CSRF Bypass via Query String Injection in Budibase Worker...

6.5CVSS5.2AI score0.00115EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 6:11 p.m.3 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 3:51 p.m.2 views

CVE-2026-6689 *Missing* {{invite_user}} *permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings*

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team creation the check was only applied on update/patch, which allows an authenticated user holding...

4.3CVSS6AI score0.00152EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.7AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 5:14 p.m.10 views

CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker

Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...

6.5CVSS5.8AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 8:35 p.m.13 views

GHSA-CHQV-VRJ7-QFFP NocoDB: Shared-base link access can invite arbitrary users as persistent base members

Summary Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited user could then redeem the...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/21 8:35 p.m.11 views

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NPM: NocoDB: Shared-base link access can invite arbitrary users as persistent base members vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.9AI score0.00296EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/18 6:56 a.m.41 views

CVE-2026-4273 Insufficient token rotation validation in remote cluster invite confirmation

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to validate that the RefreshedToken differs from the original invite token during remote cluster invite confirmation which allows an authenticated attacker to bypass token rotation and reuse the original invite token via sending a craft...

3.7CVSS0.00142EPSS
Exploits0References1
HackRead
HackRead
added 2026/05/15 10:30 a.m.30 views

CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-8496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript...

6.1CVSS6.2AI score0.00283EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 7:17 p.m.4 views

DEBIAN-CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS6AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:17 p.m.38 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS0.00283EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 6:2 p.m.32 views

CVE-2026-8496

Alinto SOGo 5.12.7 is affected by a cross-site scripting (XSS) vulnerability triggered by SVG content in ICS calendar invites. The issue stems from unsanitized SVG in the ICS file description with an onrepeat handler, allowing arbitrary JavaScript execution within an authenticated webmail session...

6.1CVSS6AI score0.00283EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 6:2 p.m.45 views

CVE-2026-8496 A cross-site scripting (XSS) vulnerability in Alinto SOGo, version 5.12.7

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

0.00283EPSS
Exploits0References3
Rows per page
Query Builder