Lucene search
K

617 matches found

Nuclei
Nuclei
added yesterday16 views

DELMIA Apriso - Broken Access Control

DELMIA Apriso Release 2020 through Release 2025 contains a broken access control vulnerability caused by missing authorization, letting attackers gain privileged access to the application, exploit requires no special conditions. id: CVE-2025-6205 info: name: DELMIA Apriso - Broken Access Control...

9.1CVSS7.1AI score0.71059EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57859

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.4.0 Description A low-privileged user can bypass the /admin/export UI to exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV file containing the full Personally...

6.5CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 3:19 a.m.5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/06 4:12 p.m.7 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:24 a.m.34 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

0.00691EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/06 8:24 a.m.6 views

EUVD-2026-41853

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS6.4AI score0.00691EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:4 a.m.6 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:4 a.m.17 views

CVE-2026-10745

CVE-2026-10745 affects upKeeper Solutions a.k.a. upKeeper Instant Privilege Access on Windows, vulnerable through version 1.6.1. Root cause: improper output neutralization in logs (log injection/tampering/forging). Reported impact per metrics indicates high risk for subsequent system confidential...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 8:4 a.m.14 views

EUVD-2026-38731

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS5.9AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:4 a.m.36 views

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1...

7.9CVSS0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-2449

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

9CVSS5.4AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 5:16 p.m.20 views

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

7.1CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 3:49 p.m.9 views

CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 3:44 p.m.11 views

EUVD-2025-210075

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.15 views

Devolutions Server < 2026.1.20 Multiple Vulnerabilities (DEVO-2026-0014)

The version of Devolutions Server installed on the remote host is prior to 2026.1.20. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without...

5.4CVSS5.6AI score0.00184EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:16 p.m.20 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS0.00138EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:3 p.m.9 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/29 10:30 a.m.36 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS0.00201EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder