Lucene search
+L

1468 matches found

NVD
NVD
added 2026/04/13 5:16 a.m.3 views

CVE-2026-40446

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335...

9.8CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:0 p.m.5 views

EUVD-2026-20556

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

2.1CVSS5.9AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 2:16 p.m.5 views

CVE-2026-28736

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

4.3CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:30 a.m.3 views

CVE-2025-71281

XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potentially allowing unauthorized method invocations...

8.8CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 7:10 a.m.5 views

BIT-DISCOURSE-2026-33291 Discourse user can create Zendesk tickets even when it does not have access to topic

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, moderators can create Zendesk tickets for topics they do not have access to view. This affects all forums that use the Zendesk plugin. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. No...

5.4CVSS5.9AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.6 views

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32267

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user or an unauthenticated user who has been sent a shared URL can escalate their privileges to admin by abusing...

9.8CVSS5.7AI score0.0773EPSS
Exploits1References1
NVD
NVD
added 2026/03/25 1:17 a.m.6 views

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

6.5CVSS0.00336EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 12:35 a.m.2 views

CVE-2026-20701

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent...

5.8AI score0.0042EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 12:35 a.m.15 views

CVE-2026-20701

CVE-2026-20701 is an access issue in macOS where an app may connect to a network share without user consent. The vulnerability is addressed by applying additional sandbox restrictions and is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. The published description notes ...

7.5CVSS5.8AI score0.0042EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/25 12:32 a.m.22 views

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

0.00336EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 12:32 a.m.1 views

CVE-2026-28844

A file access issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.4. An attacker may gain access to protected parts of the file system...

5.8AI score0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/19 9:33 p.m.3 views

CVE-2026-27935 Discourse leaks private topic metadata to non-authorized users

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 9:33 p.m.27 views

CVE-2026-27935

Product and vulnerability : Discourse (open-source discussion platform) is affected. Affected versions : prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. Root cause : an API endpoint vulnerability that discloses private topic metadata of admin users to moderator users who do not have access to...

6.9CVSS5.8AI score0.0027EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/11 4:5 p.m.1 views

CVE-2025-12704 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...

3.5CVSS5.8AI score0.00215EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/04 6:56 p.m.11 views

Incorrect Authorization

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Incorrect Authorization through improper access control in the pairing store process. An attacker can gain unauthorized access to another account's direct message pairing by leveraging...

8.1CVSS5.8AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 12:0 a.m.6 views

EUVD-2021-22126

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6AI score0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7858

An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL...

5.5AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/02/06 6:52 p.m.11 views

GHSA-VF6J-C56P-CQ58 MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

Impact Disclosure of Salesforce OAuth bearer tokens used by the MCP. Patches fix applied in 0.1.10 Workarounds Rotate any Salesforce tokens/credentials used by MCP-Salesforce...

8.7CVSS5.3AI score0.00409EPSS
Exploits0References5
NVD
NVD
added 2026/01/30 10:15 p.m.14 views

CVE-2025-36407

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

6.5CVSS0.00275EPSS
Exploits0References1
Rows per page
Query Builder