Lucene search
K

399 matches found

NVD
NVD
β€’added 5 days agoβ€’5 views

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS0.00209EPSS
Exploits0References2
CVE
CVE
β€’added 5 days agoβ€’8 views

CVE-2026-40009

CVE-2026-40009 describes an Authenticated user privilege escalation issue in Apache IoTDB (versions 2.0.8–before 2.0.10). The vulnerability arises from improper privilege management and access control, allowing an authenticated user to escalate to full tree-path access by renaming themselves to _...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
β€’added 5 days agoβ€’6 views

EUVD-2026-42837

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
β€’added 5 days agoβ€’30 views

CVE-2026-40009 Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
β€’added 6 days agoβ€’5 views

CVE-2026-6352

A flaw was found in GitLab Enterprise Edition EE. An authenticated user with auditor-level access could modify compliance violation records. This was possible due to improper authorization on certain GraphQL operations, allowing them to bypass intended access controls...

2.7CVSS5.9AI score0.00264EPSS
Exploits0References6
NVD
NVD
β€’added last weekβ€’10 views

CVE-2026-6352

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
EUVD
EUVD
β€’added last weekβ€’7 views

EUVD-2026-42408

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS6AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
β€’added last weekβ€’34 views

CVE-2026-6352 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper...

2.7CVSS0.00264EPSS
Exploits0References3
CVE
CVE
β€’added last weekβ€’84 views

CVE-2026-6352

GitLab EE contains an authorization flaw in GraphQL operations that could allow an authenticated user with auditor-level access to modify compliance violation records. Affected versions include all 18.2-era releases before 18.11.7, all 19.0-era releases before 19.0.4, and all 19.1-era releases be...

2.7CVSS6AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
β€’added 2026/06/19 7:21 p.m.β€’6 views

CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine /admin/queries/execute accepts a JSON DSL from / select / filters / traverse / output, translates it into an Eloquent query, and returns results as JSON...

7.1CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
β€’added 2026/06/09 12:0 a.m.β€’72 views

πŸ“„ Python-Multipart Path Traversal

This code bundle contains two separate components related to the path traversal vulnerability affecting Python-Multipart versions prior to 0.0.22. ================================================================================================================================== | Title :...

8.6CVSS6.5AI score0.02228EPSS
Exploits5
Packet Storm News
Packet Storm News
β€’added 2026/06/08 12:0 a.m.β€’12 views

Semantic Multi-Agent Intrusion Detection for IoT:Zero-Day and Adversarial Threats with Risk-Aware Reasoning

The rapid proliferation of Internet of Things IoT devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/05/22 8:31 p.m.β€’11 views

Malicious code in defi-risk-scanner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a8385c44127ab4250664e1324009461ae329e3684948d692cc679962d59f818 On first import defiriskscanner, the package's top-level init.py unconditionally runs curl -sL...

6AI score
Exploits0References6
Snyk
Snyk
β€’added 2026/05/22 2:43 a.m.β€’11 views

Malicious Package

Overview deployment-key-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/05/22 2:43 a.m.β€’17 views

Malicious Package

Overview python-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
β€’added 2026/05/22 2:42 a.m.β€’13 views

Malicious Package

Overview defi-env-auditor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
β€’added 2026/05/22 1:53 a.m.β€’8 views

MAL-2026-4246 Malicious code in python-env-auditor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32ffd6ffbc7ab684cc6bd3dbbd29d4bb608f07ea2b9d2ffd460e95a279824699 Package fetches and executes a mutable, unpinned third-party npm package env-security-scanner@latest on every install and on every Python import. The...

6.2AI score
Exploits0References2
OSV
OSV
β€’added 2026/05/20 10:36 p.m.β€’7 views

MAL-2026-4206 Malicious code in deployment-key-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/05/20 10:36 p.m.β€’15 views

Malicious code in deployment-key-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/05/20 10:34 p.m.β€’18 views

Malicious code in defi-env-auditor (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.9AI score
Exploits0References16
Rows per page
Query Builder