Lucene search
K

2488 matches found

OSV
OSV
added 2026/04/17 2:40 p.m.4 views

SUSE-SU-2026:1443-1 Security update for NetworkManager

This update for NetworkManager fixes the following issue: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Don't renew DHCP lease when software devices' MAC is empty bsc1225498...

3.3CVSS5.7AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 9:58 a.m.10 views

SUSE-SU-2026:1427-1 Security update for NetworkManager

This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...

3.3CVSS5.7AI score0.00162EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:17 p.m.7 views

CVE-2026-34164

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/16 9:17 p.m.11 views

CVE-2026-34164

CVE-2026-34164 concerns Valtimo, where the InboxHandlingService logged the full content of incoming inbox messages at INFO level across versions 13.0.0–13.21.0. This exposed sensitive data (PII, BSN, case details) to anyone with log access or admin UI users. The issue was fixed in 13.22.0: the lo...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/16 8:42 p.m.8 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the InboxHandlingService. An attacker can access sensitive information such as personal data, citizen identifiers, and case details by viewing application logs that contain full inbox...

7.1CVSS5.8AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.4 views

PT-2026-33366

Name of the Vulnerable Software and Affected Versions Valtimo versions 13.0.0 through 13.21.0 Description The InboxHandlingService function handle in the inbox module logs the full content of every incoming inbox message at the INFO level. These messages may contain sensitive information, such as...

4.9CVSS5.8AI score0.00366EPSS
Exploits0References9
CVE
CVE
added 2026/04/14 3:19 p.m.14 views

CVE-2026-2405

CVE-2026-2405 is a CWE-400 Uncontrolled Resource Consumption vulnerability. According to the documents, a Web Admin flooding the system with POST /helpabout requests can cause excessive troubleshooting ZIP file creation, leading to denial of service. The CVSS 4.0 vector yields a base score of 5.3...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 a.m.12 views

CVE-2026-6003

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 7:49 p.m.3 views

GHSA-HM2H-WWWH-G49X Ech0 Scope Bypass: profile:read Access Token Can Change Admin Password and Escalate to Unrestricted Session

Summary The PUT /user endpoint is protected by RequireScopes"profile:read", which is a read-only scope. However, the endpoint performs write operations including password changes. An attacker who obtains an admin's restricted profile:read access token can change the admin's password, then login t...

6.5CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 2:15 a.m.2 views

CVE-2026-6003 code-projects Simple IT Discussion Forum user.php cross site scripting

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 2:15 a.m.2 views

CVE-2026-6003

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/10 2:15 a.m.5 views

EUVD-2026-21284

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS4.2AI score0.00202EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/10 2:15 a.m.29 views

CVE-2026-6003 code-projects Simple IT Discussion Forum user.php cross site scripting

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS0.00202EPSS
Exploits0References5
CNVD
CNVD
added 2026/04/10 12:0 a.m.10 views

IBM DataPower Gateway Information Disclosure Vulnerability (CNVD-2026-19179)

IBM DataPower Gateway is a suite of International Business Machines IBM security and integration platforms designed specifically for mobile, cloud, application programming interfaces APIs, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and...

6.8CVSS5.8AI score0.00252EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

OpenClaw elevation of privilege vulnerability (CNVD-2026-17893)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an invoker with pairing privileges but no administrator privileges to approve pending device requests that request ...

9.9CVSS7.5AI score0.00624EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31858

Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A security issue exists in code-projects Simple IT Discussion Forum 1.0 related to the processing of the /admin/user.php file. Manipulation of the fname argument can lead to cros...

4.8CVSS4.4AI score0.00202EPSS
Exploits0References10
NVD
NVD
added 2026/04/09 5:16 p.m.16 views

CVE-2026-39957

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

4.3CVSS0.00208EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 4:14 p.m.17 views

CVE-2026-39957

Lychee (open-source photo manager) prior to version 7.5.4 is affected by a SQL operator-precedence bug in SharingController::listAll() that causes the orWhereNotNull('user_group_id') clause to bypass the ownership filter within the when() block. This allows any authenticated non-admin user with u...

4.3CVSS6AI score0.00208EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/08 7:15 p.m.4 views

GHSA-7CM9-V848-CFH2 CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6AI score0.0023EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 7:15 p.m.6 views

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

Summary The blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into an HTML data-note attribute without escaping. An admin with blacklist privileges can inject arbitrary JavaScript that executes in the browser of any other...

4.8CVSS6.1AI score0.0023EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder