Lucene search
K

574 matches found

NVD
NVD
added 8 hours ago4 views

CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6

Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

9.6CVSS6.7AI score0.01557EPSS
Exploits2References11
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38431

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.33 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.8 views

CVE-2026-56248

Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:40 p.m.8 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.15

Logging for Red Hat OpenShift - 6.0.15 Red Hat OpenShift Logging 6.0.15 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

8.8CVSS7.1AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/06/12 9:16 p.m.12 views

CVE-2026-44779

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:22 p.m.25 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:22 p.m.19 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:22 p.m.8 views

EUVD-2026-36583

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:22 p.m.26 views

CVE-2026-44779

CVE-2026-44779 affects Discourse. From versions 2026.1.0-latest up to before 2026.1.4, 2026.3.0-latest up to before 2026.3.1, and 2026.4.0-latest up to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. The issue has been patched in 2026.1.4, 2026.3.1, 2026.4.1, and 202...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48977

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description Bot debug endpoints disclose whisper translation audit logs. Recommendation...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References5
NVD
NVD
added 2026/06/11 12:16 p.m.12 views

CVE-2026-53912

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 10:3 a.m.25 views

CVE-2026-53912 Cerebrate self-registration password hash exposure via inbox and audit log views

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 10:3 a.m.8 views

EUVD-2026-36220

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS5.4AI score0.00242EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 10:3 a.m.9 views

CVE-2026-53912 Cerebrate self-registration password hash exposure via inbox and audit log views

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS5.4AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 10:3 a.m.19 views

CVE-2026-53912

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored registrant password hashes in the inbox message payload, which were returned unredacted through inbox index/view responses (HTML/JSON/CSV) and could be written unredact...

5.1CVSS5.4AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48649

Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. This payload was returned unredacted through inbox index and view responses, including HTML, JSON, a...

5.1CVSS5.4AI score0.00242EPSS
Exploits0References2
Rows per page
Query Builder