Lucene search
+L

53351 matches found

Cvelist
Cvelist
added 2 days ago34 views

CVE-2025-32781 Apollo: Apollo Portal release endpoint allows cross-application configuration disclosure via releaseId

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS0.00415EPSS
Exploits0References4
CVE
CVE
added 2 days ago18 views

CVE-2026-49997

CVE-2026-49997 affects SurrealDB prior to version 3.1.0, where Document::purge_edges could bypass edge table permissions for delete and select when a connected node was deleted. The issue occurs as edge records connected to a deleted node were removed with permissions disabled, bypassing edge-tab...

5.4CVSS6.1AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44673

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 12.0.0, when response caching is enabled, the cache-key derivation in api/src/utils/get-cache-key.ts includes version, path, query, and accountability.user but omits authorization context such as share, role...

8.6CVSS6.1AI score0.00277EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44664

Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

7.8CVSS6.1AI score0.00084EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-59259

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6.5CVSS0.00344EPSS
Exploits0References2
CVE
CVE
added 2 days ago6 views

CVE-2026-59259

CVE-2026-59259 affects n8n released until versions 1.123.61, 2.27.4, and 2.28.1. The vulnerability is a permission bypass in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user who can create or update credent...

6.5CVSS6.2AI score0.00344EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44635

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS6.2AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS0.00344EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS6.2AI score0.00344EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44634

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS6.1AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-57996 phpMyFAQ - Privilege Escalation via Missing SuperAdmin Guard in user/add Endpoint

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in the user/add API endpoint that allows non-SuperAdmin administrators to create SuperAdmin accounts. A delegated administrator with USERADD/EDIT/DELETE permissions can call POST /admin/api/user/add with isSuperAdmin: true and...

8.7CVSS6.1AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago3 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS6AI score0.00292EPSS
Exploits0References8
NVD
NVD
added 3 days ago7 views

CVE-2026-15753

A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack ma...

5.5CVSS0.00261EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago6 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
NVD
NVD
added 3 days ago7 views

CVE-2026-62393

Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...

4.3CVSS0.00463EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-3014

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS0.00647EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-3014 Remote Code Execution by administrative user on the Management Server

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS0.00647EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-3014

Milestone has released a new version of XProtect® and several cumulative patch updates which fix security vulnerability in Management Server API. The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server...

9.1CVSS6.2AI score0.00647EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-62188

OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability in which the Feishu permission tools could ignore per-account disablement settings. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could...

8.6CVSS0.00213EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 4 days ago6 views

Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center

Summary Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId. When configView.memberOnly.envs is enabled for the requested environment, a low-privileged Portal user can...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder