Lucene search
K

941 matches found

Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.6 views

zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

Summary The unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the condition short-circuits to false and allows the deletion to proceed without any ownership...

5.3CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/10 3:55 p.m.4 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...

6.5CVSS5.7AI score0.00268EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/10 3:31 p.m.9 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.4 views

PT-2026-31946

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description A permission escalation issue exists in Vikunja that allows a user with Write access to a project to escalate their permissions to Admin by moving the project under a project they own. This is due to...

8.3CVSS5.7AI score0.0029EPSS
Exploits1References10
CNVD
CNVD
added 2026/04/10 12:0 a.m.7 views

IBM Aspera Shares Access Control Error Vulnerability

IBM Aspera Shares is a Web application from International Business Machines IBM. An access control error vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from a password reset that does not disable the session and can be exploited by an attacker to...

6.5CVSS5.8AI score0.00176EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

IBM Aspera Shares Input Validation Error Vulnerability (CNVD-2026-16874)

IBM Aspera Shares is a Web application from International Business Machines IBM. An input validation error vulnerability exists in IBM Aspera Shares. The vulnerability stems from improper input validation of the HOST header and can be exploited by an attacker to cause cross-site scripting, cache...

5.4CVSS5.6AI score0.002EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.9 views

IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

7.5CVSS5.7AI score0.00203EPSS
Exploits0
NVD
NVD
added 2026/04/07 5:16 p.m.3 views

CVE-2026-35604

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS0.00332EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.6 views

CVE-2025-66487

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.7 views

CVE-2025-66485

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS5.9AI score0.002EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.5 views

CVE-2025-66484

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.6AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.7 views

CVE-2025-66483

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.9AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:8 a.m.4 views

CVE-2025-66486

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

6.1CVSS5.9AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of usernames during session matching. This vulnerability may allow the use of...

8.1CVSS5.8AI score0.00122EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.5 views

CVE-2025-13916

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS5.9AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 12:31 a.m.9 views

EUVD-2025-209180

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.6AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/04/01 11:17 p.m.4 views

CVE-2025-66484

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 11:17 p.m.4 views

CVE-2025-66485

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...

5.4CVSS0.002EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 11:17 p.m.3 views

CVE-2025-66486

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

6.1CVSS0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 11:17 p.m.4 views

CVE-2025-66487

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...

6.5CVSS0.00333EPSS
Exploits0References1
Rows per page
Query Builder