Lucene search
+L

4000 matches found

NVD
NVD
added 2026/07/08 1:16 a.m.9 views

CVE-2026-56843

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS0.00364EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/08 12:15 a.m.8 views

EUVD-2026-42144

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This result...

9.9CVSS6AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 12:0 a.m.7 views

ALSA-2026:36617 Important: oci-seccomp-bpf-hook security update

OCI Hook to generate seccomp json files based on EBF syscalls used by container oci-seccomp-bpf-hook provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 12:5 p.m.8 views

RLSA-2026:34357 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...

8.2CVSS7.3AI score0.00939EPSS
Exploits0References7
Rockylinux
Rockylinux
added 2026/07/07 12:5 p.m.7 views

golang-github-openprinting-ipp-usb security update

An update is available for golang-github-openprinting-ipp-usb. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HTTP reverse proxy, backed by IPP-over-USB...

7.5CVSS7.2AI score0.00939EPSS
Exploits0
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1957 TensorFlow has Null Pointer Error in TensorArrayConcatV2

Impact When ctx-stepcontainter is a null ptr, the Lookup function will be executed with a null pointer. python import tensorflow as tf tf.rawops.TensorArrayConcatV2handle='a', 'b', flowin = 0.1, dtype=tf.int32, elementshapeexcept0=1 Patches We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-973 TensorFlow has Null Pointer Error in LookupTableImportV2

Impact The function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE. python import tensorflow as tf v = tf.Variable1 @tf.functionjitcompile=True def test: func = tf.rawops.LookupTableImportV2 para='tablehandle': v.handle,'keys': 62.98910140991211,...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/07/07 3:12 a.m.12 views

CVE-2026-34044

The CVE-2026-34044 issue affects Coolify prior to 4.0.0-beta.466 where Logs::mount() looks up resources by UUID without limiting to the current team. This enables an authenticated user to read logs for applications owned by other teams by supplying a victim resource UUID, constituting a cross‑tea...

7.7CVSS5.9AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:12 a.m.30 views

CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS0.00244EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:12 a.m.7 views

CVE-2026-34044

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS5.9AI score0.00244EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 3:12 a.m.5 views

CVE-2026-34044 Coolify: Cross-team IDOR in logs component (resource lookup not team-scoped)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by...

7.7CVSS5.9AI score0.00244EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-59089

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Tab...

5.5CVSS6.1AI score0.00208EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56129

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.466 Description An authenticated user can access logs of applications belonging to other teams. This occurs because the Logs::mount function retrieves resources using a UUID without verifying if the resourc...

7.7CVSS6.1AI score0.00244EPSS
Exploits0References11
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-38973

mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbcfindmethod...

4.4CVSS0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 7:55 p.m.6 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/06 2:31 p.m.4 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.6AI score0.00459EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/06 1:8 p.m.7 views

CVE-2026-41716

A flaw was found in Spring Data Commons. An attacker can exploit this vulnerability by sending repeated requests with specially crafted strings, which are then permanently retained in the internal property-lookup cache. This can lead to heap exhaustion, resulting in a Denial of Service DoS for th...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 6:28 a.m.6 views

OESA-2026-2851 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 4:59 a.m.4 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.00459EPSS
Exploits0References5
Rows per page
Query Builder