Lucene search
K

389 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-6212

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42988

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-6212 IDOR in Teracity's TeraMIS

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-6212

CVE-2026-6212 affects Teracity Software Technologies Inc. TeraMIS (versions V03.26.01.14 through 30.04.2026). The issue is an Authorization bypass via a User-Controlled key, enabling Privilege Abuse. Root cause: improper handling of user-controlled keys allows bypassing access controls. CVSSv3.1 ...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/10 8:32 p.m.21 views

PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

5.9AI score0.00024EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/10 8:32 p.m.10 views

GHSA-GHQ2-5C67-FPRM PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

6.8CVSS5.9AI score0.00024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.67 views

PT-2026-48600

Name of the Vulnerable Software and Affected Versions PDM versions prior to 2.28.0-1.1 Description PDM writes project-local state and configuration files without symlink protection, allowing a malicious repository to use symlinks to overwrite files outside the repository root. This creates an...

6.8CVSS6AI score0.00024EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.8 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS5.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-7399

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

8.1CVSS5.4AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:27 p.m.9 views

GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Tautulli 安全漏洞

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of the /image/ route, allowing attackers to control the entries and trigger...

9.9CVSS5.4AI score0.00262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Fedora 43 : python-django5 (2026-4d1404fc5d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Fedora 44 : python-django5 (2026-9b7a6474a1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9b7a6474a1 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Fedora 44 : python-django6 (2026-de6e24ae07)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-de6e24ae07 advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...

9.8CVSS5.9AI score0.00879EPSS
Exploits1References10
NVD
NVD
added 2026/05/14 1:16 p.m.39 views

CVE-2026-6008

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0...

6.8CVSS0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 12:24 p.m.8 views

CVE-2026-6008 IDOR in Im Park's DijiDemi

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 12:24 p.m.60 views

CVE-2026-6008 IDOR in Im Park's DijiDemi

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0...

6.8CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 12:24 p.m.11 views

EUVD-2026-30270

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 12:24 p.m.13 views

CVE-2026-6008

CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40914

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References2
Rows per page
Query Builder