Lucene search
K

3040 matches found

EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-44576

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices. An attacker with access to the firmware image can extract the embedded key. Successful exploitation may allow an unauthenticated attacker on the same...

8.6CVSS6.1AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags iptfsconsumefrags transfers paged fragments from one socket buffer to another but fails to propaga...

7.8CVSS7.1AI score0.03663EPSS
Exploits11References2
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-47261

A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows an attacker to bypass intended access controls when a filesystem preopen is configured with read-only file permissions but also allows directory mutations. By using specific open flags, an attacker can truncate fil...

7.5CVSS6AI score0.00357EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago11 views

EUVD-2026-42870

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags iptfsconsumefrags transfers paged fragments from one socket buffer to another but fails to propagate the SKBFLSHAREDFRAG flag. This is the same class of bug that was...

6AI score0.00111EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-59217 Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS0.00272EPSS
Exploits1References4
OSV
OSV
added 6 days ago3 views

CVE-2026-59217 Open WebUI: Upload `metadata.knowledge_id` bypasses the knowledge-base write-access check (read-only users can add files to KB)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the file upload path accepted metadata.knowledgeid and auto-linked uploaded files to a target knowledge base without applying the write-access check used by /api/v1/knowledge//file/add, allowing...

4.3CVSS6.2AI score0.00272EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-54591

A flaw was found in AsyncSSH, a Python package for SSHv2 protocol implementation. A malicious SSH server could exploit this vulnerability by sending specially crafted filenames containing directory traversal sequences to an AsyncSSH SCP client. This could allow the server to write arbitrary files...

8.1CVSS6AI score0.00317EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-58494

A flaw was found in Wasmtime, a runtime for WebAssembly. A WebAssembly System Interface WASI guest with a read-only source file capability can exploit this vulnerability. During hard-link creation and renaming operations, the system checks directory permissions but fails to match file permissions...

6.5CVSS5.9AI score0.00119EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-58494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard- link creation and renaming check directory permissions...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References4
NVD
NVD
added last week6 views

CVE-2026-58494

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS0.00119EPSS
Exploits0References9
NVD
NVD
added last week9 views

CVE-2026-56776

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added last week8 views

CVE-2026-56778

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-56220

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
CVE
CVE
added last week17 views

CVE-2026-56778

CVE-2026-56778 (n8n) : Affected versions are n8n before 2.25.7 and 2.26.x before 2.26.2. The Public API execution retry endpoint authorizes with the workflow:read scope instead of workflow:execute, allowing an authenticated user with read-only access to a shared workflow to retry executions, bypa...

6.4CVSS6.1AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added last week4 views

CVE-2026-56778 n8n - Authorization Bypass in Public API Execution Retry Endpoint

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

5.3CVSS6.2AI score0.00174EPSS
Exploits0References4
EUVD
EUVD
added last week7 views

EUVD-2026-42263

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2
CVE
CVE
added last week16 views

CVE-2026-56776

CVE-2026-56776 affects n8n versions prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization bypass in POST /workflows/{workflowId}/test-runs/new where access is granted using workflow:read instead of workflow:execute, enabling an authenticated user with read-only access to trigger a ...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week8 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added last week30 views

CVE-2026-56220 Capgo - Unauthorized Manifest Insertion via Read-Only Org Member

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS0.00203EPSS
Exploits0References2
EUVD
EUVD
added last week4 views

EUVD-2026-42247

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3path values that are served to device...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
Rows per page
Query Builder