Lucene search
K

500 matches found

Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-57268

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description An authenticated user can silently cancel pending asset requests of another user due to insufficient authorization. This occurs when the system processes the cancel by admin URL path segment in the...

5.3CVSS6.1AI score0.002EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/07 3:19 a.m.5 views

EUVD-2026-41995

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS6AI score0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56279

Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...

7.1CVSS6AI score0.00216EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/07/06 4:28 p.m.21 views

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...

9.8CVSS7.2AI score0.00783EPSS
Exploits4
OSV
OSV
added 2026/07/06 3:16 a.m.5 views

UBUNTU-CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:15 a.m.10 views

CVE-2026-57352

Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...

4.8CVSS5.8AI score0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:11 p.m.6 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/01 1:17 p.m.8 views

CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

8.1CVSS0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:9 p.m.25 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52205

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.6 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Incorrect authorization checks in the group packages feature allow an authenticated user with...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.7 views

Dell Wyse Management Suite < 2605 Multiple Vulnerabilities (DSA-2026-247)

The version of Dell Wyse Management Suite installed on the remote host is prior to 2605. It is, therefore, affected by multiple vulnerabilities, including: - Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command...

8.8CVSS5.9AI score0.00249EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.18 views

RHEL 9 : redis (RHSA-2026:28139)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

8.8CVSS6.6AI score0.02995EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.23 views

PT-2026-51208

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management endpoints/ui sso.py, which...

7.5CVSS7.1AI score0.00508EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2026/06/17 12:19 p.m.9 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References7
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39518

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS0.00278EPSS
Exploits0References1
Redos
Redos
added 2026/06/15 12:0 a.m.10 views

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8CVSS8.3AI score0.00587EPSS
Exploits1
EUVD
EUVD
added 2026/06/09 7:24 p.m.13 views

EUVD-2026-35804

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...

8.2CVSS5.6AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.12 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45,...

5.3CVSS0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Dell Inventory Collector Client 安全漏洞

Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...

6.3CVSS5.5AI score0.00085EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 5:8 a.m.10 views

CVE-2026-11191

An out of bounds memory access flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503392431...

8.8CVSS5.4AI score0.00272EPSS
Exploits0References5
Rows per page
Query Builder