Lucene search
K

54 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56767

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS0.0033EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:3 p.m.10 views

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 6:3 p.m.18 views

CVE-2026-56767 Maxun < 0.0.42 - Cross-Tenant IDOR in Storage and Webhook API Handlers

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

8.8CVSS0.0033EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.12 views

SUSE CVE-2026-11255

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

7.5CVSS5.5AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29500

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

6AI score0.00401EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 4:16 p.m.12 views

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

9.1CVSS0.00401EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 12:0 a.m.17 views

CVE-2026-31216

The CVE concerns the Nexent v1.7.5.2 backend service. The vulnerability lies in the file management API: DELETE /storage/{object_name:path} accepts a user-controlled object_name and is missing authentication, authorization, and input validation. This allows unauthenticated remote attackers to del...

9.1CVSS6AI score0.00401EPSS
Exploits0References2Affected Software1
Veeam
Veeam
added 2025/12/10 12:0 a.m.15 views

Release Information for Dell SC Series Plug-In for Veeam Backup & Replication

This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing Dell SC Series Plug-In v1.0.211, ensure that you are running Veeam Backup & Replication...

6.8AI score
Exploits0Affected Software1
EUVD
EUVD
added 2025/11/11 9:30 a.m.5 views

EUVD-2025-74036

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS6.5AI score0.00103EPSS
Exploits0References2
NVD
NVD
added 2025/11/11 8:15 a.m.3 views

CVE-2025-9055

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account...

6.4CVSS0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46313

Name of the Vulnerable Software and Affected Versions VAPIX Edge affected versions not specified Description The VAPIX Edge storage API contains a flaw that allows privilege escalation. An authenticated VAPIX administrator-privileged user can gain Linux Root privileges. Exploitation requires...

6.4CVSS6.6AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-9062

Malware in sbrugna...

10CVSS9.5AI score0.01187EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-5457

Malware in sbrugna...

7.5CVSS6.4AI score0.01476EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-6384

Malware in sbrugna...

10CVSS9.5AI score0.01116EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-5068

Malware in sbrugna...

9.8CVSS9.5AI score0.0402EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-27469

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-20017

Malicious code in bioql PyPI...

7.9CVSS6.3AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2025/08/28 7:16 a.m.2 views

MAL-2025-41496 Malicious code in @twork-data-services/customer-storage-api-v5-customer (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/28 7:16 a.m.2 views

MAL-2025-41495 Malicious code in @twork-data-services/customer-storage-api-v3-customer-timezone (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/08/28 7:16 a.m.2 views

MAL-2025-41494 Malicious code in @twork-data-services/customer-storage-api-v3-customer-attribute (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder