Lucene search
+L

699 matches found

OSV
OSV
added 2026/05/29 10:30 a.m.2 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44821

Name of the Vulnerable Software and Affected Versions Mautic versions 7.0.0 through 7.1.1 Description An authorization bypass exists in the API v2 endpoints utilizing API Platform. Roles configured with owner-scope restrictions, such as viewown or editown, are not properly enforced. This allows...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/28 10:44 p.m.11 views

Server-side Request Forgery (SSRF)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the connector management. An attacker can access internal network resources by bypassing...

7.7CVSS5.3AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 10:35 a.m.34 views

CVE-2026-9689

CVE-2026-9689 affects Keycloak, an open-source identity and access management solution. The issue lies in the OIDC redirect URI handling when a client accepts broad redirect URIs, enabling an attacker to craft a special web address that could cause the client to prefer attacker-controlled informa...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 5:22 p.m.12 views

CVE-2026-24190

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, a...

7.8CVSS5.9AI score0.00177EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 2:38 p.m.9 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

5.8AI score0.0049EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43333

Name of the Vulnerable Software and Affected Versions NVIDIA Display Driver for Windows and Linux affected versions not specified Description A flaw exists in the kernel mode layer that allows a user to gain improper access to GPU resources. This could result in denial of service, escalation of...

7.8CVSS5.3AI score0.00177EPSS
Exploits0References7
NVD
NVD
added 2026/05/22 9:16 a.m.25 views

CVE-2026-8381

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

5.4CVSS0.00141EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Systemd

It was discovered that a Systemd service that uses the DynamicUser property can create a SUID/SGID binary that will be allowed to run as the transient service’s UID/GID even after the service is terminated. A local attacker could exploit this flaw to access resources that will be owned by a...

7.8CVSS6AI score0.00912EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Ruby-Nokogiri

Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/20 1:25 a.m.9 views

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/19 10:28 a.m.11 views

CVE-2026-4630 Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

6.8CVSS5.7AI score0.00303EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an insecure direct object reference issue in the authorization service’s protected API endpoints. It allows authenticated clients ...

6.8CVSS5.8AI score0.00303EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:36 a.m.16 views

XML External Entity (XXE) Injection

ome, pom-bio-formats is vulnerable to XML External Entity XXE Injection. The vulnerability is due to insecure configuration of DocumentBuilderFactory while parsing Leica XML metadata files, which allows an attacker to perform SSRF, access local resources, or trigger denial of service through...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:46 p.m.8 views

CVE-2026-45338

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery SSRF vulnerability exists in processpictureurl in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture...

7.7CVSS6AI score0.00381EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 9:46 p.m.25 views

CVE-2026-45338

Open WebUI CVE-2026-45338 describes an SSRF in _process_picture_url() (oauth.py) where the server fetches URLs from OAuth picture claims without validate_url(), enabling requests to internal resources and exfiltration of the full response. Affected software before the fix: Open WebUI prior to ver...

7.7CVSS6AI score0.00381EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/14 8:29 p.m.7 views

GHSA-88GH-2526-GFRR DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.15 views

DeepSeek TUI has SSRF‌ IPV6 bypass

Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. Details...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/14 8:21 p.m.10 views

Improper Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authorization in the model update process. An attacker can modify resources belonging to other users by sending crafted requests that bypass intended access controls. Remediation Upgrade open-webui t...

7.1CVSS5.8AI score0.00226EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.26 views

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References11
Rows per page
Query Builder