Lucene search
+L

1122 matches found

CVE
CVE
added 2026/06/26 7:29 p.m.18 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS6AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 3:32 p.m.10 views

EUVD-2026-39653

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.8 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

7.5CVSS0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 12:38 p.m.18 views

CVE-2026-57921

In JetBrains YouTrack prior to version 2026.2.16593, an improper access control flaw in the comment templates endpoint allowed reading users’ private data. Affected component: YouTrack server-side access control for comment templates; root cause is insufficient restrictions on who can retrieve te...

7.5CVSS5.8AI score0.00177EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:38 p.m.8 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.45 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS0.00177EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.9 views

SUSE CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.8AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52701

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations Update to version 2026.2.16593...

7.5CVSS5.8AI score0.00177EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52908

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.4.0 Description An issue exists where the endpoint GET /api/v3/meetings/:meeting id/agenda items/:agenda item id discloses private work package data. This occurs when a linked work package belongs to a project...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:38 a.m.42 views

CVE-2026-53152

CVE-2026-53152 affects the Linux kernel dw_mmc-rockchip driver. Older RK SoCs (rk2928, rk3066, rk3188) lacked required private data, leading to NULL-pointer dereferences when the init code accessed missing phase/driver data. The vulnerability is resolved by the commit ff6f0286c896, which adds the...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.8 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:38 a.m.9 views

EUVD-2026-39243

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.8AI score0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 8:38 a.m.4 views

CVE-2026-53152 mmc: dw_mmc-rockchip: Add missing private data for very old controllers

In the Linux kernel, the following vulnerability has been resolved: mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parsedt...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 3:18 p.m.5 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the display of historical job and agent configurations. An attacker can access sensitive encrypted secret values by obtaining Extended Read permission. Remediation...

7.1CVSS6AI score0.0013EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: AppArmor: Fixed the race condition between freeing data and accessing it through the file system. AppArmor originally placed a reference to private data after removing the original entry from the file system. However, the inode m...

7.8CVSS6.1AI score0.00145EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:42 p.m.5 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7CVSS5.9AI score0.0015EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder