Lucene search
K

3191 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00029EPSS
Exploits0References4Affected Software1
CVE
CVE
added yesterday14 views

CVE-2026-46672

The CVE-2026-46672 entry describes a local CSV formula-injection flaw in the @actual-app/cli before version 26.6.0. The CLI uses a hand-rolled CSV serializer in packages/cli/src/output.ts with an escapeCsv that only neutralizes RFC 4180 delimiters (comma, quote, newline) and does not neutralize c...

4.6CVSS6.1AI score0.00017EPSS
Exploits0References4
OSV
OSV
added yesterday4 views

GO-2026-5909 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID in github.com/coder/coder...

8.7CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-5799

CVE-2026-5799 is an IDOR in Idvlabs’ Ontime affecting versions up to 04052026, caused by a user-controlled key that enables an authorization bypass. The vulnerability allows exploitation of trusted identifiers and is rated CVSSv3.1 = 7.5 (HIGH) with network attack vector, low attack complexity, n...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added yesterday8 views

EUVD-2026-42015

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-5799 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday12 views

CVE-2026-5730 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added yesterday3 views

Langflow Authorization Bypass Through User-Controlled Key Vulnerability

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request...

9.9CVSS6AI score0.00233EPSS
In wildExploits2
Snyk
Snyk
added 3 days ago4 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-54424

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance o...

8.4CVSS6AI score0.00245EPSS
Exploits1References5
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...

7.1CVSS7.2AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder