Lucene search
K

1082 matches found

Cvelist
Cvelist
added 2026/05/13 8:53 p.m.35 views

CVE-2026-44379 MISP: Improper UUID validation in MISP Collections

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS0.00178EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 9:17 p.m.3 views

CVE-2026-45226 Heym < 0.0.21 Authorization Bypass in Workflow Execution

Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds...

7.6CVSS6.3AI score0.00293EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/12 5:25 p.m.38 views

CVE-2026-42300 DevGuard: Unauthenticated identity assertion via `X-Admin-Token` header

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 5:25 p.m.36 views

CVE-2026-42300

CVE-2026-42300 affects DevGuard’s SessionMiddleware and related components prior to version 1.2.2. The vulnerability arises because a client-supplied header, X-Admin-Token , is accepted and its raw value is used as the authenticated userID when no Kratos session cookie is present. An attacker who...

9.3CVSS5.9AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40451

Name of the Vulnerable Software and Affected Versions Heym versions prior to 0.0.21 Description An authorization bypass exists in workflow execution allowing authenticated users to execute arbitrary workflows. By referencing victim workflow UUIDs without proper access validation, attackers can...

7.6CVSS6.2AI score0.00293EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/08 7:51 p.m.18 views

Missing Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the getchannelmembersbyid process. An attacker can retrieve the list of users, including their IDs, names, emails, roles, and profile images, associated with a private channel by maki...

5.3CVSS5.8AI score0.00221EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.16 views

Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Global Knowledge Base Enumeration via knowledge-bases Meta-Collection Affected Component Retrieval collection access validation: - backend/openwebui/routers/retrieval.py lines 2330-2355, validatecollectionaccess - backend/openwebui/routers/retrieval.py query endpoints, e.g. POST /query/doc Affect...

4.3CVSS5.9AI score0.00221EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/08 3:57 a.m.17 views

CVE-2026-42279

Solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} endpoint accepts a route-bound timeEntry UUID from another organization when the caller has time-entries:update:all in the URL organization, allowing a known for...

5.8CVSS5.7AI score0.00266EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/06 9:19 p.m.16 views

kernel: nfsd: release svc_expkey/svc_export with rcu_work

In the Linux kernel, the following vulnerability has been resolved: nfsd: release svcexpkey/svcexport with rcuwork The last reference for cachehead can be reduced to zero in cshow and eshowusing rcureadlock and rcureadunlock. Consequently, svcexportput and expkeyput will be invoked, leading to tw...

7.8CVSS6.4AI score0.00218EPSS
Exploits0References5
NVD
NVD
added 2026/05/05 9:16 p.m.7 views

CVE-2026-41950

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5CVSS0.00334EPSS
Exploits1References4
CVE
CVE
added 2026/05/05 8:35 p.m.65 views

CVE-2026-41950

CVE-2026-41950 affects Dify before version 1.14.0. An authorization bypass in the chat-messages flow allows an authenticated user to read full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. The ro...

6.5CVSS5.9AI score0.00334EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 8:35 p.m.8 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6.5CVSS5.9AI score0.00334EPSS
Exploits1References4
OSV
OSV
added 2026/05/05 8:35 p.m.4 views

CVE-2026-41950 Dify < 1.14.0 Authorization Bypass via File UUID

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit...

6CVSS6.2AI score0.00334EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Fedora 42 : perl-CryptX (2026-bc5090f99b)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc5090f99b advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.3 views

Fedora 43 : perl-CryptX (2026-3e1f671a17)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e1f671a17 advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:32 p.m.6 views

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS5.2AI score0.00312EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-41907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes...

9.3CVSS6AI score0.00337EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/25 11:29 a.m.6 views

CVE-2026-41988

A flaw was found in uuid. When external output buffers are used with UUID versions 3, 5, or 6, an attacker with local access may be able to cause unexpected data writes. This vulnerability could lead to low impact data integrity issues. UUID version 4 is not affected...

3.2CVSS5.2AI score0.00181EPSS
Exploits1References5
NVD
NVD
added 2026/04/24 7:17 p.m.11 views

CVE-2026-41907

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

9.3CVSS0.00337EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/24 7:17 p.m.4 views

CVE-2026-41907

uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes small buf or large offset. This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0...

9.3CVSS5.8AI score0.00337EPSS
Exploits1References2
Rows per page
Query Builder