Lucene search
+L

6722 matches found

CVE
CVE
added 2026/06/17 9:5 p.m.29 views

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

5.3CVSS5.3AI score0.00087EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/17 2:15 p.m.22 views

Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion

Summary Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the referenced files. Open WebUI then treats meta.knowledge entries of type file as an authorization source in two...

7.1CVSS5.6AI score0.00198EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:11 p.m.18 views

Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field

summary POST /api/chat/completions accepts an imageurl.url value that, when it does NOT start with http://, https://, or data:image/, is interpreted as a file id and resolved against the global file table with no ownership check. An authenticated user can therefore set imageurl.url to another...

6.5CVSS5.3AI score0.00366EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50481

Name of the Vulnerable Software and Affected Versions Open-webui affected versions not specified Description An authenticated user can access files belonging to other users by exploiting a lack of ownership verification in the image processing path. When the POST endpoint "/api/chat/completions"...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References12
OSV
OSV
added 2026/06/15 8:54 p.m.4 views

CVE-2026-48017 DbGate: Remote Code Execution via functionName injection in loadReader endpoint

DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...

8.8CVSS6.3AI score0.0051EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.13 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00939EPSS
Exploits0References5
CVE
CVE
added 2026/06/13 2:34 a.m.35 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.12 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.00104EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.13 views

CVE-2026-0411

An information disclosure vulnerability in the NETGEAR Orbi satellites RBR/RBE/RBS Series could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not...

8CVSS5.5AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:1 p.m.18 views

EUVD-2026-36039

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 1:55 p.m.26 views

CVE-2026-53470

CVE-2026-53470 affects migration-planner. An authenticated attacker can exploit an improper access control on /api/v1/sources/{id}/image-url to bypass ownership checks and obtain presigned S3 URLs for other users’ Open Virtual Appliance (OVA) images, potentially downloading images containing long...

9.6CVSS5.5AI score0.0028EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/10 3:8 a.m.10 views

CVE-2026-24720 File Station 5

An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...

5.3CVSS5.5AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.24 views

EUVD-2026-35465

An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this...

7.2CVSS5.4AI score0.00278EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 5:33 p.m.21 views

CVE-2026-0466

CVE-2026-0466 involves AMD uProf with improper access control. A local user may write to the kernel-shared memory section, potentially causing a crash or denial of service. Documents reference AMD’s security bulletin AMD-SB-9025, but provide no version-specific details or remediation steps. No ex...

6.8CVSS5.5AI score0.001EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/09 3:50 p.m.37 views

CVE-2026-0411

CVE-2026-0411 describes a vulnerability in NETGEAR Orbi satellites where a user connected to the network could gain administrator access to the Orbi router. Affected are certain Orbi satellite models; Orbi WiFi Systems without satellite devices are not impacted. The CVSS-like data indicates adjac...

8CVSS5.4AI score0.00278EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/08 3:17 p.m.9 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:58 p.m.12 views

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

5.4CVSS5.5AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

6.5CVSS5.5AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.20 views

CVE-2026-1272

IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel...

4.3CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.15 views

CVE-2025-13755

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.4AI score0.00108EPSS
Exploits0References1
Rows per page
Query Builder