Lucene search
K

1799 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

Oracle Linux 8 : thunderbird (ELSA-2026-9345)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-9345 advisory. 140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR Tenab...

9.8CVSS6.3AI score0.01052EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2026/04/22 12:0 a.m.9 views

thunderbird security update

140.9.1-1.0.1 - Add Oracle prefs 140.9.1-1 - Update to 140.9.1 ESR...

9.8CVSS5.7AI score0.01052EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.5 views

Understanding Password Preferences, Memorability, and Security through a Human-Centered Lens

Passwords remain the primary authentication method, yet user-created passwords are often the weakest due to the security-usability trade-off. Although AI-based password generators are emerging, little is known about their effectiveness and user perceptions. This eye-tracking study examined how...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-40486

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...

4.3CVSS5.7AI score0.00267EPSS
Exploits1References1
NVD
NVD
added 2026/04/17 11:16 p.m.7 views

CVE-2026-40486

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...

4.3CVSS0.00267EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/17 10:35 p.m.24 views

CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...

4.3CVSS0.00267EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/17 10:35 p.m.4 views

CVE-2026-40486 Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...

4.3CVSS5.7AI score0.00267EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 10:35 p.m.3 views

CVE-2026-40486

Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint PATCH /api/users/id/preferences applies submitted preference values without checking the isEnabled flag on preference objects. Although the hourlyrate and internalrate fields are...

4.3CVSS5.7AI score0.00267EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/17 10:35 p.m.50 views

CVE-2026-40486

Kimai CVE-2026-40486 affects the User Preferences API. In versions

4.3CVSS5.7AI score0.00267EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

kimai 安全漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developer. Versions of Kimai 2.52.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of checks on the isEnabled flag in the user preference settings API endpoint,...

4.3CVSS5.8AI score0.00267EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Oracle Linux 9 : thunderbird (ELSA-2026-8459)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-8459 advisory. 140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR Tenable ha...

9.8CVSS6.3AI score0.01052EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2026/04/16 12:0 a.m.13 views

thunderbird security update

140.9.1-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.9.1 - Add OpenELA debranding 140.9.1-1 - Update to 140.9.1 ESR...

9.8CVSS5.7AI score0.01052EPSS
Exploits1
OSV
OSV
added 2026/04/15 7:46 p.m.5 views

GHSA-QH43-XRJM-4GGP Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate

Summary A Mass Assignment / Broken Object Property Level Authorization BOPA vulnerability in the User Preferences API allows any authenticated user even those with the lowest privileges to arbitrarily modify restricted financial attributes on their profile, specifically their hourlyrate and...

4.3CVSS5.8AI score0.00267EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/15 7:46 p.m.8 views

Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate

Summary A Mass Assignment / Broken Object Property Level Authorization BOPA vulnerability in the User Preferences API allows any authenticated user even those with the lowest privileges to arbitrarily modify restricted financial attributes on their profile, specifically their hourlyrate and...

4.3CVSS5.8AI score0.00267EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.7 views

PT-2026-33218

Summary A Mass Assignment / Broken Object Property Level Authorization BOPA vulnerability in the User Preferences API allows any authenticated user even those with the lowest privileges to arbitrarily modify restricted financial attributes on their profile, specifically their hourly rate and...

4.3CVSS5.8AI score0.00267EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2026/04/14 12:0 a.m.11 views

firefox security update

140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.9.1-1 - Update to 140.9.1 ESR...

9.8CVSS6.2AI score0.01052EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Oracle Linux 8 : firefox (ELSA-2026-8052)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-8052 advisory. 140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default...

9.8CVSS6.3AI score0.01052EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/13 10:55 a.m.4 views

CVE-2019-25695

A flaw was found in R. This local buffer overflow vulnerability allows a local attacker to execute arbitrary code. By injecting malicious input into the GUI Preferences language field, an attacker can trigger the overflow, leading to the execution of arbitrary commands...

8.6CVSS6.4AI score0.00191EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.3 views

Oracle Linux 9 : firefox (ELSA-2026-7671)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7671 advisory. 140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red...

9.8CVSS6.3AI score0.01052EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2026/04/13 12:0 a.m.7 views

firefox security update

140.9.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.9.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.9.1-1 - Update to 140.9.1 ESR...

9.8CVSS5.8AI score0.01052EPSS
Exploits1
Rows per page
Query Builder