Lucene search
+L

3064 matches found

Cvelist
Cvelist
added 2026/06/01 5:3 p.m.42 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS0.00222EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 5:3 p.m.5 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 1:22 p.m.27 views

CVE-2026-42251

The CVE concerns KS-SOMED where hard-coded credentials in KSPLUPDFTP.exe (up to 30.00.00.056) and ANEKSKLIENT.EXE (up to 29.00.02.026) allowed an unauthorized actor to access an FTP server hosting update packages. This could enable uploading a malicious update that might be distributed and instal...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 1:22 p.m.36 views

CVE-2026-42251 Hard-coded credentials in KS-SOMED

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 1:22 p.m.17 views

EUVD-2026-33642

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:22 p.m.14 views

CVE-2026-42251

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.12 views

KubeSec V1 Kubernetes Scanner

KubeSec is a Kubernetes security auditing tool designed to identify dangerous RBAC permissions, insecure pod configurations, exposed secrets, privileged workloads, risky host mounts, weak network exposure, and cluster hardening weaknesses across Kubernetes environments. performs automated read-on...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45432

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45532

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions 0.8.0 through 1.0.3 Description In Nextcloud Tables, the view filter criteria is exposed to users who possess read-only permissions. Recommendations Update to version 1.0.4 or 2.0.0...

4.3CVSS5.4AI score0.00222EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Nextcloud Tables 安全漏洞

NextCloud Tables is an open-source table application developed by NextCloud. There were security vulnerabilities in the version of NextCloud Tables from 0.8.0 to 1.0.4. These vulnerabilities stemmed from view filter conditions being exposed to users with read-only permissions...

4.3CVSS5.3AI score0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 6:3 p.m.9 views

CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:41 a.m.6 views

Improper Verification of Cryptographic Signature

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via insufficient context binding in HMAC protection for Live Component properties. An attacker can modify read-only properties o...

9.1CVSS5.4AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.11 views

SUSE CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44941

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3
Information Security Automation
Information Security Automation
added 2026/05/28 2:0 p.m.12 views

About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability

About Elevation of Privilege - Linux Kernel "Fragnesia" CVE-2026-46300 vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from...

7.8CVSS6.2AI score0.03663EPSS
Exploits11
NVD
NVD
added 2026/05/28 10:16 a.m.16 views

CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:16 a.m.8 views

UBUNTU-CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/28 9:36 a.m.11 views

EUVD-2026-32819

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.8AI score0.00121EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.13 views

CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.7AI score0.00121EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.35 views

CVE-2026-46192 spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

0.00121EPSS
Exploits0References3
Rows per page
Query Builder