Lucene search
K

5522 matches found

NVD
NVD
added 2026/06/23 7:17 p.m.9 views

CVE-2026-54322

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 7:17 p.m.7 views

CVE-2026-54320

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:11 p.m.7 views

EUVD-2026-38566

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:11 p.m.35 views

CVE-2026-54320 Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:11 p.m.15 views

CVE-2026-54320

CVE-2026-54320 refers to Daytona’s cross-tenant takeover vulnerability prior to version 0.184.0. The issue allowed an unverified email that matched an invitation’s target to accept it (or decline) and join the target organization, since invitation acceptance/declination did not require email veri...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:11 p.m.8 views

CVE-2026-54320

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:7 p.m.8 views

CVE-2026-54322

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 6:7 p.m.33 views

CVE-2026-54322 Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:7 p.m.7 views

EUVD-2026-38563

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

7.7CVSS6.3AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:7 p.m.11 views

CVE-2026-54322

The CVE-2026-54322 issue affects Daytona prior to 0.185.0, where organization role update/delete endpoints granted access based on the caller’s ownership of an org but validated the target role only by its identifier, not by org ownership. This cross-org IDOR lets an authenticated user who owns a...

7.7CVSS6.3AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:7 p.m.37 views

CVE-2026-54324 Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:7 p.m.18 views

CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

6.5CVSS6.3AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:0 p.m.37 views

CVE-2020-9695

CVE-2020-9695 is an out-of-bounds write vulnerability in Adobe Acrobat/Reader. Affects multiple releases (e.g., Acrobat Reader versions 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earlier) and related Acrobat products. Root cause: out-of-bounds write in the affected code pa...

7.8CVSS6.4AI score0.00176EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2026/06/23 5:58 p.m.35 views

CVE-2020-9711

CVE-2020-9711 describes an out-of-bounds read (CWE-125) in Adobe Acrobat/Reader. Affected products include multiple lines of Acrobat/Reader: DC Continuous and Classic channels, across 2015, 2017, 2020 release families (e.g., 2020.009.20074, 2020.001.30002, 2017.011.30171, 2015.006.30523 and earli...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References1Affected Software3
CVE
CVE
added 2026/06/23 5:47 p.m.58 views

CVE-2020-9713

CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References1Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/23 5:13 p.m.10 views

Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API

Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...

6.9CVSS5.8AI score0.01553EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:13 p.m.2 views

GHSA-744X-3838-5R56 Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API

Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...

6.9CVSS5.8AI score0.01553EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 5:10 p.m.3 views

GHSA-C39W-43GM-34H5 Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:10 p.m.10 views

Gogs has Path Traversal in organization name that results in RCE through Git hooks

Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...

10CVSS6.1AI score0.01107EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.32 views

CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/rolebindings that fails to verify appid ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...

8.6CVSS0.00356EPSS
Exploits0References2
Rows per page
Query Builder