Lucene search
+L

2512 matches found

CVE
CVE
added 14 hours ago6 views

CVE-2026-62231

The Grav API plugin (getgrav/grav-plugin-api) prior to version 1.0.6 has an authorization bypass in ApiKeyAuthenticator: API keys with restricted scopes are ignored, and the API key resolves to the owning user’s full account, allowing a key with limited scopes (e.g., read-only) to perform any ope...

8.6CVSS6.1AI score
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-52892

Summary: CVE-2026-52892 affects Wekan, an open‑source Kanban app built on Meteor. Before version 9.32, REST handlers in server/models/customFields.js checked read‑level access (Authentication.checkBoardAccess) for mutating custom-field routes, instead of write‑level access (Authentication.checkBo...

6.5CVSS6.1AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-60062

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-54563

Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, a Cloudreve WebDAV account rooted at a configured folder can send paths such as /dav/%2e%2e/outside.txt because stripPrefix in pkg/webdav/webdav.go joins the decoded request suffix to the account root with...

7.1CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-52865

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44681

When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. Impact: The NGINX Ingress Controller control plane...

7.1CVSS6.2AI score0.0028EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-60062

The CVE-2026-60062 affects the NGINX Agent via the config_dirs directive. A low-privileged, remotely authenticated attacker can gain limited read and write access to files outside the designated secure directory, potentially crossing a security boundary. The config_dirs requirement can also be co...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44682

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References1
NVD
NVD
added 2 days ago9 views

CVE-2026-43637

Cornac before 2.6.0 contains a path traversal Tar Slip vulnerability that allows attackers to write arbitrary files outside the intended cache directory by supplying a crafted TAR archive containing ../ sequences, absolute paths, or symlink/hardlink entries to the extractarchive function in...

9.1CVSS0.00425EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2 days ago10 views

K000161800: NGINX Ingress Controller vulnerability CVE-2026-55723

Security Advisory Description When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated...

8.7CVSS6.1AI score0.00286EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44523

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60183

Name of the Vulnerable Software and Affected Versions NGINX Ingress Controller affected versions not specified Description An injection flaw exists in the configuration generator when the software is configured with Custom Resource Definitions CRDs or Ingress annotations. Multiple user-controllab...

8.7CVSS6.2AI score0.00286EPSS
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2026-48312

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS0.00163EPSS
Exploits0References1
CVE
CVE
added 3 days ago13 views

CVE-2026-48312

CVE-2026-48312 concerns CAI Content Credentials with improper input validation that enables a security feature bypass and unauthorized write access. The CVSS 3.1 vector indicates a local attack with low attack complexity and no user interaction, resulting in low confidentiality impact and high in...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References1Affected Software3
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-48312

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-48329

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-48321

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00516EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-48308

Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploit depends on conditions beyond the attacker's control...

5.9CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 3 days ago21 views

CVE-2026-46639

Twig 3.24.0–3.26.0 contains a sandbox bypass in object-destructuring assignment: CoreExtension::getAttribute() is called with sandboxed flag set to false, bypassing security policy checks and allowing a sandboxed template to read public properties or call public getters on objects. The issue is f...

7.1CVSS6.1AI score0.00351EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder