Lucene search
+L

73 matches found

osv
osv
added last week5 views

CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References5
euvd
euvd
added last week6 views

EUVD-2026-42890

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
osv
osv
added 2026/07/03 4:16 p.m.4 views

UBUNTU-CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References4
euvd
euvd
added 2026/05/21 8:34 p.m.10 views

EUVD-2026-31345

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References7
vulnrichment
vulnrichment
added 2026/05/14 4:8 p.m.8 views

CVE-2026-20209 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
osv
osv
added 2026/03/26 11:38 p.m.4 views

CVE-2026-28788 Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

7.1CVSS5.9AI score0.02858EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/11 9:25 p.m.3 views

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

9.9CVSS5.8AI score0.00486EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.8 views

Microsoft Azure Entra ID 安全漏洞

Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There are security vulnerabilities associated with Microsoft Azure Entra ID. Attackers can exploit these vulnerabilities to gain higher levels of access...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References1
nessus
nessus
added 2026/02/13 12:0 a.m.6 views

SAP NetWeaver AS ABAP Missing Authorization Check (3674774)

The version of SAP NetWeaver Application Server ABAP detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and ABAP Platform is affected by a missing authorization...

9.6CVSS6AI score0.00337EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 8:56 a.m.8 views

CVE-2023-40176

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop...

9CVSS5.8AI score0.78879EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:29 a.m.15 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

4CVSS7.1AI score0.00855EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/01 6:37 p.m.6 views

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

6.3CVSS5.8AI score0.00272EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/12/12 1:6 a.m.10 views

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

8.8CVSS7.3AI score0.00721EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/04 6:17 p.m.16 views

CVE-2025-66223

OpenObserve is a cloud-native observability platform. Prior to version 0.16.0, organization invitation tokens do not expire once issued, remain valid even after the invited user is removed from the organization, and allow multiple invitations to the same email with different roles where all issue...

8.4CVSS7AI score0.00238EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-9695

Malware in sbrugna...

9.3CVSS8.5AI score0.00318EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0967

Malware in sbrugna...

9.8CVSS8.5AI score0.01338EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-2734

Malware in sbrugna...

10CVSS9.3AI score0.00965EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-18868

Malware in sbrugna...

7.8CVSS7.6AI score0.00339EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0733

Malware in sbrugna...

4CVSS3.6AI score0.00855EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14826

Malicious code in bioql PyPI...

6.7CVSS6.5AI score0.00364EPSS
Exploits1References2
Rows per page
Query Builder