
4 matches found

ATTACKERKB
added yesterday · 2 views

CVE-2026-58426

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

CVSS 9.6 · AI score 5.9
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2026/05/05 9:16 p.m. · 7 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

CVSS 6.5 · EPSS 0.00334
Exploits: 1 · References: 4
Vulnrichment
added 2026/05/05 8:35 p.m. · 8 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

CVSS 6.5 · AI score 5.9 · EPSS 0.00334
Exploits: 1 · References: 4
Positive Technologies
added 2020/11/18 12:0 a.m. · 5 views

PT-2020-13500 · Gitlab +1 · Gitlab Ce/Ee +2

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.10 through 13.3.8; GitLab CE/EE versions 13.4 through 13.4.4; GitLab CE/EE versions 13.5 through 13.5.1. Description: The Terraform API in GitLab CE/EE exposed the object storage signed URL on the delete operation,...

CVSS 7.6 · AI score 7.1 · EPSS 0.00756
Exploits: 0 · References: 7