Lucene search
K

133 matches found

Cvelist
Cvelist
added yesterday29 views

CVE-2026-59262 AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/17 2:58 p.m.15 views

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete informatio...

5.4AI score
Exploits0
HackRead
HackRead
added 2026/06/09 6:7 p.m.16 views

Network Log Analysis: Why Collecting Logs is Not Enough

Network Log Analysis helps teams turn raw logs into useful alerts, timelines, audit records, and incident evidence instead of storing data without action...

5.5AI score
Exploits0
Circl
Circl
added 2026/05/27 6:0 p.m.11 views

CVE-2026-48027

creationtimestamp| type| source ---|---|--- 2026-05-27 18:00:02+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/23d94b6e-e10b-4ed3-9304-fbf1858a9ac5 2026-05-27 18:10:41+00:00| seen| https://bsky.app/profile/cvesentinel.bsky.social/post/3mmu45p54pa2c...

9.8CVSS5.9AI score0.0185EPSS
Exploits1References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker was able to execute code in the content process by exploiting a use-after-free in Animation timelines. There have been reports of this vulnerability being exploited in real-world scenarios. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1,...

9.8CVSS7.6AI score0.32568EPSS
Exploits1References2
hivepro
hivepro
added 2026/05/07 4:45 a.m.9 views

Cyber Insurance Requirements for Cybersecurity

Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...

5.9AI score
Exploits0
HackRead
HackRead
added 2026/02/25 11:57 a.m.11 views

Autonomous Endpoint Management Isn’t Just Efficiency, It’s a Security Imperative

Autonomous Endpoint Management cuts exposure time by matching patch speed to attacker breakout timelines, reducing risk, workload delays, and breach costs...

5.5AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/06 2:23 a.m.6 views

CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute

The Timeline Block – Beautiful Timeline Builder for WordPress Vertical & Horizontal Timelines plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgbshortcode function due to missing validation on a user controlled key. This...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/06 12:23 a.m.7 views

WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability

Insecure Direct Object Reference to Authenticated Author+ Private Timeline Exposure via Shortcode Attribute vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin Timeline Block versions = 1.3.3...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6339

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

5.3CVSS5.6AI score0.00402EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/23 6:19 a.m.7 views

CVE-2026-23961

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

5.3CVSS5.6AI score0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 1:47 a.m.32 views

CVE-2026-23961 Mastodon may allow a remote suspension bypass

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known posts from such suspended users to appear in timelines if boosted. Furthermore, under...

5.3CVSS0.00402EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

Mastodon security vulnerabilities

Mastodon is an open-source social networking server based on ActivityPub. Mastodon has a security vulnerability, which stems from a logical error that allows old posts of suspended users to appear on the timeline. In certain versions, this suspension mechanism may be partially bypassed...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-3898

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.2.26 through 4.2.29 Mastodon versions 4.3.13 through 4.3.17 Mastodon versions 4.4.5 through 4.4.11 Mastodon versions 4.5.0 through 4.5.4 Description Mastodon is a social network server that allows administrators to suspend...

5.3CVSS5.4AI score0.00402EPSS
Exploits0References12
Packet Storm News
Packet Storm News
added 2025/12/01 12:0 a.m.5 views

CVE Breadcrumbs: Tracking Vulnerabilities through Versioned Apache Libraries

The Apache Software Foundation ASF ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime targets for high-impact security vulnerabilities, as illustrated...

6.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.9 views

PT-2025-43503

Name of the Vulnerable Software and Affected Versions SkiaRenderEngine affected versions not specified Description A flaw exists in the drawLayersInternal function within SkiaRenderEngine.cpp that may allow access to the GPU cache, potentially revealing side channel information. This could lead t...

7.4CVSS5.9AI score0.00091EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/14 9:50 p.m.7 views

CVE-2025-62176

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

4.3CVSS6.9AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2025/10/13 9:15 p.m.5 views

CVE-2025-62176

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

4.3CVSS0.00254EPSS
Exploits0References2
OSV
OSV
added 2025/10/13 9:4 p.m.5 views

CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

4.3CVSS6.9AI score0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/13 9:4 p.m.2 views

CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...

4.3CVSS6.6AI score0.00254EPSS
Exploits0References2
Rows per page
Query Builder