Lucene search
+L

26882 matches found

cve
cve
added 4 hours ago6 views

CVE-2026-46513

Summary: Frogman prior to version 1.6.2 stored API tokens in plaintext as raw hex strings in the oc_api_tokens table and validated the X-Frogman-Token header by directly comparing it to the stored value, enabling database read access to reusable tokens at their permission level (including admin)....

7.4CVSS6.1AI score
Exploits0References4
nuclei
nuclei
added 13 hours ago289 views

Zabbix - SAML SSO Authentication Bypass

When SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...

9.8CVSS7.1AI score0.95683EPSS
Exploits9References5
nuclei
nuclei
added 13 hours ago65 views

Progress ShareFile Storage Zones Controller - Authentication Bypass

Customer Managed ShareFile Storage Zones Controller SZC contains an authentication bypass Execution After Redirect that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...

9.8CVSS7.2AI score0.49424EPSS
Exploits1References3
nuclei
nuclei
added 13 hours ago133 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago71 views

QSAN Storage Manager <3.3.3 - Cross-Site Scripting

QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data. id: CVE-2021-37216 info: name: QSAN Storage Manager 3.3.3 - Cross-Site...

6.1CVSS6.4AI score0.03186EPSS
Exploits0References4
euvd
euvd
added 22 hours ago4 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score
Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2026-63175

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS
Exploits0References1
cve
cve
added yesterday12 views

CVE-2026-63175

PlaywrightCapture has a vulnerability where capture-specific configuration and runtime data are stored as mutable class-level variables instead of instance-level vars on the Catchure object. This can allow multiple Capture objects in the same Python process to share state such as HTTP headers, co...

7.1CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added yesterday39 views

CVE-2026-63175 Cross-Capture Session Data Leakage Due to Shared Mutable State in Looklyloo - PlaywrightCapture

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS
Exploits0References1
cvelist
cvelist
added yesterday31 views

CVE-2026-52890 Wekan: Arbitrary file read and server DoS via attachment versions.original.path

Wekan is open source kanban built with Meteor. Prior to 9.31, Wekan allows a logged-in board member to insert an attachment document through the /attachments/insert DDP method with attacker-controlled versions.original.path and versions.original.storage fields. The server/permissions/attachments....

7.1CVSS0.00074EPSS
Exploits0References3
cvelist
cvelist
added yesterday31 views

CVE-2026-62348 TDengine: KILL SSMIGRATE missing authorization lets low-privilege users interrupt shared-storage migrations

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the...

5.4CVSS
Exploits0References1
nvd
nvd
added yesterday5 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
cvelist
cvelist
added yesterday34 views

CVE-2026-20298 Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-20298

CVE-2026-20298 affects Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24. A low-privileged user without admin/power roles could view stored credential hashes by query...

5.3CVSS6.1AI score
Exploits0References1
euvd
euvd
added yesterday4 views

EUVD-2026-44738

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS6.1AI score
Exploits0References1
attackerkb
attackerkb
added yesterday4 views

CVE-2026-20298

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes...

5.3CVSS6.1AI score
Exploits0References2Affected Software2
ibm
ibm
added yesterday10 views

Security Bulletin: IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow (CVE-2026-13473)

Summary IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow due to unchecked string copy operations. Vulnerability Details CVEID:CVE-2026-13473 DESCRIPTION: IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker...

6.5AI score
Exploits0Affected Software1
rocky
rocky
added yesterday3 views

git-lfs security update

An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage LFS replaces large files such as audio samples, video...

7.5CVSS7AI score0.00813EPSS
Exploits0
osv
osv
added yesterday4 views

RLSA-2026:39272 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME...

7.5CVSS7AI score0.00813EPSS
Exploits0References2
rocky
rocky
added yesterday4 views

qemu-kvm security update

An update is available for qemu-kvm. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kernel-based Virtual Machine KVM is a full virtualization solution for Linux...

6.7CVSS6.2AI score0.00122EPSS
Exploits0
Rows per page
Query Builder