Lucene search
K

939 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/30 12:11 p.m.4 views

CVE-2024-13971

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/30 12:11 p.m.5 views

EUVD-2024-55563

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

7.7CVSS5.5AI score0.0047EPSS
Exploits2References1
NVD
NVD
added 2026/04/30 7:16 a.m.8 views

CVE-2024-39847

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS0.00447EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/30 7:10 a.m.8 views

EUVD-2024-55562

Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

8.7CVSS5.5AI score0.00447EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.4 views

PT-2026-35893

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A logical error in the connection pooling mechanism may cause libcurl to reuse an incorrect connection for SMBS transfers. When reusing a connection, specific criteria must be met; however, a...

7.5CVSS5.2AI score0.00549EPSS
Exploits5References54
NVD
NVD
added 2026/04/28 10:16 p.m.11 views

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS0.00293EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/28 8:11 p.m.41 views

CVE-2026-41649 Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS0.00293EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 8:11 p.m.3 views

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/28 8:11 p.m.12 views

EUVD-2026-26144

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3
CVE
CVE
added 2026/04/28 8:11 p.m.24 views

CVE-2026-41649

Outline's shares.create in versions up to 1.7.0 has an insecure direct object reference when both collectionId and documentId are supplied; authorization checks only the collection, enabling authenticated users to generate a public share link for any document (even in other workspaces) and access...

7.7CVSS5.3AI score0.00293EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35821

Name of the Vulnerable Software and Affected Versions Outline versions 0.86.0 through 1.6.9 Description An insecure direct object reference exists in the 'shares.create' API endpoint. When both collectionId and documentId are provided in a request, the authorization logic verifies access to the...

7.7CVSS5.8AI score0.00293EPSS
Exploits1References7
Fedora
Fedora
added 2026/04/25 1:55 a.m.11 views

[SECURITY] Fedora 44 Update: smb4k-4.0.6-1.fc44

Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...

5.3AI score
Exploits0
Fedora
Fedora
added 2026/04/18 1:9 a.m.5 views

[SECURITY] Fedora 42 Update: smb4k-4.0.6-1.fc42

Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...

7.3CVSS7.1AI score0.00144EPSS
Exploits0
Fedora
Fedora
added 2026/04/18 12:54 a.m.12 views

[SECURITY] Fedora 43 Update: smb4k-4.0.6-1.fc43

Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...

7.3CVSS7.1AI score0.00144EPSS
Exploits0
HackRead
HackRead
added 2026/04/17 7:42 p.m.5 views

Founder Liquidity Without Compromising on Growth

Founders can access liquidity without exiting by selling shares via secondary deals, reducing financial pressure while staying focused on long-term growth...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/16 9:9 p.m.6 views

zrok: Broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

Summary The unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the condition short-circuits to false and allows the deletion to proceed without any ownership...

5.3CVSS5.8AI score0.00286EPSS
Exploits0References4Affected Software2
Snyk
Snyk
added 2026/04/16 9:9 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.8AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 9:9 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.8AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 9:9 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.7AI score0.00286EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/16 9:9 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

6CVSS5.7AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder