Lucene search
+L

107 matches found

RedhatCVE
RedhatCVE
added 2026/07/10 12:24 p.m.8 views

CVE-2026-59262

A flaw was found in AFFiNE. This vulnerability allows an authenticated workspace member to bypass document read permissions by supplying arbitrary document Globally Unique Identifiers GUIDs to the histories GraphQL field. This can lead to information disclosure, enabling attackers to retrieve ful...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
NVD
NVD
added 2026/07/08 4:16 p.m.10 views

CVE-2026-59262

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS0.00238EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 3:44 p.m.31 views

CVE-2026-59262 AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS0.00238EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 3:44 p.m.3 views

CVE-2026-59262 AFFiNE - Unauthorized Document Edit History Access via GraphQL histories Field

AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing document edit history, allowing authenticated workspace members to retrieve restricted content timelines. Attackers can supply arbitrary document GUIDs to access full edit histories including user names, emails...

7.1CVSS6.2AI score0.00238EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/04 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: leptonica-1.87.0-4.fc44

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

9.8CVSS6.8AI score0.01735EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.16 views

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...

4.7CVSS5.1AI score0.00247EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in nss

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, allowing for a timing-based side channel attack. This vulnerability affects Firefox versions less than 80, as well as Firefox for Android versions less than 80...

4.7CVSS6.7AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.8AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 4:15 p.m.30 views

CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS0.00314EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 3:45 p.m.27 views

CVE-2026-7702

Summary: CVE-2026-7702 affects toeverything AFFiNE up to version 0.26.3, specifically the Public Markdown Preview Endpoint’s function allowDocPreview in /workspace/:workspaceId/:docId. The issue yields an authorization bypass and can be exploited remotely. The exploit is publicly available per th...

6.9CVSS5.8AI score0.00314EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 3:45 p.m.14 views

CVE-2026-7702

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.5AI score0.00314EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/03 3:45 p.m.24 views

EUVD-2026-26840

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.8AI score0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 3:45 p.m.58 views

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 3:45 p.m.6 views

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS5.8AI score0.00314EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Toeverything AFFiNE 授权问题漏洞

Toeverything AFFiNE is an open-source knowledge management software developed by Toeverything. Versions of Toeverything AFFiNE prior to 0.26.3 had an authorization vulnerability. This vulnerability stemmed from the allowDocPreview function in the component Public Markdown Preview Endpoint, which...

6.9CVSS6AI score0.00314EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.5 views

CVE-2026-25477

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS5.8AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.10 views

CVE-2026-21853

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

8.8CVSS6.6AI score0.00606EPSS
Exploits1References1
NVD
NVD
added 2026/03/02 8:16 p.m.6 views

CVE-2026-25477

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS0.00164EPSS
Exploits0References1
NVD
NVD
added 2026/03/02 7:16 p.m.5 views

CVE-2026-21853

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

8.8CVSS0.00606EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/02 7:14 p.m.27 views

CVE-2026-25477 AFFiNE: Open Redirect via Regex Bypass in redirect-proxy

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to...

6.9CVSS0.00164EPSS
Exploits0References1
Rows per page
Query Builder