Lucene search
K

2269 matches found

Nuclei
Nuclei
added 15 hours ago24 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6.1AI score0.01786EPSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-50657

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally...

4.7CVSS
Exploits1References1
NVD
NVD
added yesterday9 views

CVE-2026-33842

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-34349

CVE-2026-34349 describes a local information disclosure in Windows Media where sensitive data is exposed to an unauthorized actor, potentially enabling a local attacker with low privileges and no user interaction to disclose information. The report notes a CVSSv3.1 base score of 5.5 (Medium), wit...

5.5CVSS6AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday10 views

Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6.1AI score
Exploits0
NVD
NVD
added last week8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added last week33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added last week13 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00252EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.12 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References8
Snyk
Snyk
added 2026/07/04 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code and was identified as part of the PolinRider supply chain campaign, linked to North Korean threat actors associated with the Contagious Interview/Famous Chollima activity...

9.8CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/07/03 9:17 p.m.7 views

CVE-2026-58297

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS0.00309EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.7 views

Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.9AI score0.00309EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.8 views

Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.9AI score0.00303EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:54 p.m.7 views

CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 10:16 p.m.16 views

CVE-2026-47633

Exposure of sensitive information to an unauthorized actor in Cost Management Interactive Experiences allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.13 views

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

6.5CVSS5.4AI score0.00816EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

6.5CVSS0.00816EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:6 p.m.31 views

CVE-2026-42907

Technical details (affected software, component, root cause, impact and remediation) are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.5AI score0.00816EPSS
Exploits0References1Affected Software10
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.11 views

Visual Studio Code Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.4AI score0.00763EPSS
Exploits0
Redos
Redos
added 2026/06/09 12:0 a.m.7 views

ROS-20260609-73-0030

The vulnerability in Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.5CVSS5.4AI score0.00577EPSS
Exploits0
Rows per page
Query Builder