Lucene search
+L

352 matches found

Cvelist
Cvelist
added yesterday22 views

CVE-2026-48014 Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...

6.5CVSS0.00041EPSS
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45241

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...

6.5CVSS5.3AI score0.00041EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-44595

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one...

4.3CVSS0.01019EPSS
Exploits3References5
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-44595 Yamcs: Unauthorized user enumeration via IAM API endpoints

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one...

4.3CVSS0.01019EPSS
Exploits3References5
CVE
CVE
added 2 days ago42 views

CVE-2026-44595

CVE-2026-44595 affects Yamcs’ core IAM API endpoints: GET /api/iam/users, GET /api/iam/users/{name}, GET /api/iam/groups, and GET /api/iam/groups/{name}. The root cause is missing enforcement of SystemPrivilege.ControlAccess in Yamcs’ IAM API (IamApi.java), enabling any authenticated user—even wi...

4.3CVSS6.1AI score0.01019EPSS
Exploits3References5Affected Software1
NVD
NVD
added 3 days ago6 views

CVE-2026-62348

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the...

5.4CVSS0.00209EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

USN-8536-1 mariadb vulnerabilities

It was discovered that MariaDB did not properly validate parameters supplied by a joiner node during a State Snapshot Transfer using the mariabackup method. An attacker could possibly use this issue to execute arbitrary shell commands on the donor node. CVE-2026-44168 It was discovered that Maria...

10CVSS6.4AI score0.00998EPSS
Exploits0References9
OSV
OSV
added 2026/06/16 11:50 a.m.8 views

BIT-MYSQL-CLIENT-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/12 5:34 p.m.14 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5CVSS5.3AI score0.00399EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/12 5:34 p.m.10 views

CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

8.1CVSS5.2AI score0.00399EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/10 11:13 p.m.2 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS6AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/10 10:32 p.m.1 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS6AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/06/08 3:27 p.m.10 views

SUSE-SU-2026:2303-1 Security update for postgresql17

This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard again...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References23
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-45250

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

7.8CVSS6.4AI score0.00409EPSS
Exploits1References1
OSV
OSV
added 2026/05/27 7:56 a.m.10 views

SUSE-SU-2026:2085-1 Security update for postgresql15

This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.12 views

SUSE SLES12 Security Update : postgresql18 (SUSE-SU-2026:1946-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1946-1 advisory. This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References35
SUSE Linux
SUSE Linux
added 2026/05/18 7:46 a.m.14 views

Security update for postgresql16

This update for postgresql16 fixes the following issues Update to version 16.13. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References40
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:45 a.m.11 views

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.6 views

CVE-2026-34782

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS5.9AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 7:25 p.m.6 views

CVE-2026-34782

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS0.00169EPSS
Exploits0References1
Rows per page
Query Builder