Lucene search
K

377 matches found

NVD
NVD
added yesterday5 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42240

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Incorrect Authorization vulnerability. A low privileged attacker with...

8.8CVSS6AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
NVD
NVD
added 2026/06/28 9:16 a.m.11 views

CVE-2026-13484

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high...

8.8CVSS0.00263EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/21 10:0 a.m.9 views

EUVD-2026-38158

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

8.1CVSS6AI score0.00315EPSS
Exploits1References5
NVD
NVD
added 2026/06/14 6:17 p.m.13 views

CVE-2026-54413

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS0.00459EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7142

A vulnerability was determined in Wooey up to 0.13.2. The impacted element is the function addorupdatescript of the file wooey/api/scripts.py of the component API Endpoint. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6AI score0.00214EPSS
Exploits0References1
Redos
Redos
added 2026/06/05 12:0 a.m.10 views

ROS-20260605-73-0076

The vulnerability in Firefox is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS7.2AI score0.00385EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/01 3:0 a.m.12 views

CVE-2026-10218 nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization

A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44809

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to read arbitrary files from the device...

8.7CVSS6AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 10:0 p.m.17 views

CVE-2026-9603

CVE-2026-9603 affects SourceCodester eDoc Doctor Appointment System 1.0. The vulnerability is due to manipulation of the ID parameter in /admin/delete-session.php, leading to missing authorization and enabling remote exploitation. Public PoC/exploit details are referenced. Vulnerability details r...

6.9CVSS6.3AI score0.00325EPSS
Exploits0References6
Redos
Redos
added 2026/05/26 12:0 a.m.22 views

ROS-20260526-73-0017

Vulnerability in poetry related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

8.7CVSS5.8AI score0.00294EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.9 views

ROS-20260505-73-0081

A vulnerability in the getnetbyaddr and getnetbyaddrr functions of the GNU C Library is related to the use of an uninitialized resource. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

7.5CVSS7.2AI score0.00564EPSS
Exploits0
Redos
Redos
added 2026/04/20 12:0 a.m.7 views

ROS-20260420-73-0025

Vulnerability in python-aiohttp related to lack of service data protection. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

6.3CVSS6.4AI score0.00313EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.8 views

ROS-20260417-73-0028

Vulnerability in rubygem-rack related to incorrect path name restriction to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

7.5CVSS6.7AI score0.00665EPSS
Exploits1
NVD
NVD
added 2026/04/05 3:16 p.m.4 views

CVE-2026-5574

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

9.1CVSS0.00544EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/05 2:45 p.m.1 views

CVE-2026-5574 Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The exploit has been...

6.9CVSS6.2AI score0.00544EPSS
Exploits1References4
CVE
CVE
added 2026/04/05 2:45 p.m.14 views

CVE-2026-5574

The CVE-2026-5574 entry concerns Technostrobe HI-LED-WR120-G2 (firmware 5.5.0.1R6.03.30). Affected component: FsBrowseClean, function deletefile. Description indicates that manipulating the dir/path argument can bypass authorization, enabling potential remote attack. Public disclosure of exploits...

9.1CVSS6.2AI score0.00544EPSS
Exploits1References4Affected Software1
Redos
Redos
added 2026/04/01 12:0 a.m.6 views

ROS-20260401-73-0049

Vulnerability in zabbix7-lts related to a flaw in the authorization mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

8.1CVSS5.9AI score0.00255EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22900

A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: QuNetSwitch 2.0.5.0906 and later...

9.8CVSS5.8AI score0.0032EPSS
Exploits0References1
Rows per page
Query Builder