Lucene search
+L

150 matches found

CVE
CVE
added 2 days ago49 views

CVE-2026-55518

Avo (Ruby on Rails) suffers a server-side authorization gap in the association attach endpoint. Prior to 3.32.1 and 4.0.0.beta.51, the UI checks attach_? and GET /resources/:resource/:id/:related/new, but POST /resources/:resource/:id/:related (Avo::AssociationsController#create) does not enforce...

9.6CVSS5.3AI score0.00331EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago29 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...

6.2CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 4 days ago8 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS0.00295EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-61644

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS0.00243EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References6
CVE
CVE
added 4 days ago9 views

CVE-2026-61644

FastGPT contains a cross-tenant data disclosure in POST /api/core/chat/record/getCollectionQuote. From 4.14.17 through 4.15.0-beta5, the initialId center-node lookup is not bound to the caller’s authenticated chat/collection context, allowing a low-privileged tenant to supply attacker-owned appId...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 2:32 p.m.5 views

EUVD-2026-42282

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK snowpark-python versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database...

9.6CVSS6.2AI score0.00279EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:16 p.m.7 views

CVE-2026-54601

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS6AI score0.00246EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:34 p.m.9 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 11:16 p.m.8 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 11:5 p.m.7 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 2:8 p.m.33 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS0.00231EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 7:16 p.m.14 views

CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS0.00359EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 6:8 p.m.4 views

CVE-2026-54319 Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A...

4.2CVSS6.4AI score0.00171EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 6:7 p.m.25 views

CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

6.5CVSS6.3AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 11:16 p.m.11 views

CVE-2026-53923

vLLM is an inference and serving engine for large language models LLMs. From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via...

7.5CVSS0.00281EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/20 3:21 p.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the POST /resources/:resource/:id/:related endpoint. An attacker can gain unauthorized access to sensitive relationships and escalate privileges by sending crafted POST requests to manipulate associations,...

9.6CVSS5.9AI score0.00331EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 5:19 p.m.16 views

Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...

4.2CVSS5.4AI score0.00171EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 5:19 p.m.5 views

GHSA-FJV8-J4P5-CR9M Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

Summary A sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing path-traversal sequences could in principle resolve the mount source outside the intended per-volu...

4.2CVSS5.4AI score0.00171EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 9:32 p.m.13 views

OpenStack Nova: Nova scheduler hint injection bypasses Placement resource claims and scheduling constraints

Affects - Nova: =18.0.0 =32.0.0 =33.0.0 33.0.2 Description Erichen from the Institute of Computing Technology, Chinese Academy of Sciences reported that Nova's server create API does not strip internal scheduler hints. An authenticated user can bypass Placement resource claims and scheduling...

8.5CVSS5.2AI score0.00272EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder