Lucene search
K

1965 matches found

OSV
OSV
added 4 days ago3 views

CVE-2026-42219 Frappe: Path Traversal via /backups Route

Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...

6.9CVSS6.1AI score0.00457EPSS
Exploits0References11
OSV
OSV
added 4 days ago3 views

CVE-2026-49394 Frappe: Auth. bypass via update_page

Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the updatepage endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0...

7.1CVSS6.1AI score0.00307EPSS
Exploits0References8
CVE
CVE
added 4 days ago13 views

CVE-2026-49394

Frappe CVE-2026-49394: Before version 16.19.0, authorization bypass was possible via the update_page endpoint in Workspace because the Workspace Manager edit check was not enforced for public workspaces. The issue is fixed in 16.19.0. The CVSS metrics indicate a NETWORK attack vector, LOW access ...

7.1CVSS6.1AI score0.00307EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-6896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain...

8.7CVSS7.3AI score0.00282EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS6.2AI score0.00243EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 6 days ago3 views

CVE-2026-14647

A flaw was found in onnx. This vulnerability, located in the convPoolShapeInferenceopset19 function of the onnxruntime component, allows a remote attacker to perform an out-of-bounds read. This could lead to the disclosure of sensitive information. Mitigation Mitigation for this issue is either n...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References11
CVE
CVE
added 2026/07/04 7:0 p.m.28 views

CVE-2026-14647

ONNX Runtime (onnxruntime) up to 1.21.x is affected by CVE-2026-14647 due to a weakness in convPoolShapeInference_opset19 in ONNX’s old.cc (onnx/defs/nn). The root cause is an out-of-bounds read introduced in this path, enabling remote exploitation. Public exploits exist per the description. Reme...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.12 views

PT-2026-55726

Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.22.0 Description A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19 function located in the onnx/defs/nn/old.cc file. Recommendations...

5.3CVSS6AI score0.00253EPSS
Exploits0References12
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-50750

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

UBUNTU-CVE-2026-50734

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes t...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:49 a.m.18 views

CVE-2026-53916

CVE-2026-53916 describes a memory allocation issue in Apache ActiveMQ families (ActiveMQ, ActiveMQ All, ActiveMQ Stomp) caused by an unauthenticated STOMP NIO client that can emit header bytes that never terminate. This unbounded header buffering can exhaust the JVM heap. Affected versions are be...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53844

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache ActiveMQ All versions 6.0.0 through 6.2.6 Apache ActiveMQ Stomp versions prior to 5.19.8 Apache ActiveMQ...

7.5CVSS6.2AI score0.00796EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 4:24 p.m.36 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 4:16 p.m.11 views

CVE-2026-13750

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 4:12 p.m.7 views

EUVD-2026-40147

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

4.1CVSS5.9AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:12 p.m.21 views

CVE-2026-13751

CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 4:7 p.m.7 views

EUVD-2026-40137

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 4:2 p.m.7 views

EUVD-2026-40135

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:58 p.m.7 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS6AI score0.00139EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 3:40 p.m.7 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS5.9AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder