Lucene search
+L

21099 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-9588 Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

A stored cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997 within the voicemail notification template functionality. The submitmodifyvoicemailtemplate endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious...

7CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-15783

CVE-2026-15783 (GitHub Enterprise Server) describes a missing authorization flaw where an authenticated user with write access to any repository could read metadata from private repositories they should not access. The attack path involves a delegated bypass endpoint that resolves a rule suite fr...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score0.00268EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15007 Denial of service vulnerability in GitHub Enterprise Server allowed service disruption via deeply nested YAML in release notes configuration

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS0.00268EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15007

The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...

8.3CVSS5.4AI score0.00268EPSS
Exploits0References5
CVE
CVE
added 2 days ago15 views

CVE-2026-62764

CVE-2026-62764 affects Apache Accumulo 2.1.4 and 2.1.5. An authenticated, low-privilege user without system permissions can remotely issue a command to gracefully shutdown several components (e.g., compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver), causing a denial of ...

5.7CVSS5.4AI score0.00295EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago11 views

CVE-2026-47084

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user, without administrative privileges, could bypass Access Control List ACL checks by using the LOCALDELETE command. This allowed them to delete mailboxes for which they did not have the necessary permissions, leading to unauthorized...

6.5CVSS6.1AI score0.00203EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago13 views

CVE-2026-47083

A flaw was found in Cyrus IMAP. An authenticated user can exploit the ESEARCH command to discover the existence of folder names belonging to other user accounts. This vulnerability leads to information disclosure, allowing an attacker to gain unauthorized knowledge about the structure of other...

4.3CVSS6AI score0.00183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-47088

A flaw was found in Cyrus IMAP Internet Message Access Protocol daemon, cyrus-imapd. An authenticated IMAP user could exploit a heap exposure vulnerability during nested Multipurpose Internet Mail Extensions MIME comment parsing. By crafting an email message with a specially formed RFC 822 commen...

3.1CVSS6AI score0.00168EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-47081

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user could exploit this vulnerability by using the XAPPLEPUSHSERVICE command to determine if specific mailboxes exist on other users' accounts. This could allow the attacker to create Apple Push Notification Service APNS notifications f...

3.1CVSS6AI score0.00154EPSS
Exploits0References5
CVE
CVE
added 2 days ago16 views

CVE-2026-62236

grav-plugin-login before 3.8.11 contains a CSRF in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated user without anti-CSRF nonce or Origin/Referer checks. Grav core dispatches the task via a top-level GET using the task: URI param...

5.4CVSS6.1AI score0.00099EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-62234

Grav 2.x prior to 2.0.4 contains an SSRF vulnerability in webhook dispatch where authenticated users with api.webhooks.write can create webhooks using file://, dict://, or gopher:// protocols. This unrestricted protocol handling can be leveraged to read local files, access process information, or...

8.4CVSS6.1AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-44176

Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the pages.access permission during page draft rendering. Permissions are defined for each user role in the user blueprint site/blueprints/users/.... It is also possible to customize the permissions f...

6CVSS0.00215EPSS
Exploits0References2
CVE
CVE
added 3 days ago17 views

CVE-2026-45334

Kirby CMS (versions < 4.9.1 and

5.3CVSS6AI score0.00365EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago10 views

EUVD-2026-45011

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the...

3.1CVSS6.1AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-45006

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search,...

4.3CVSS6.2AI score0.00183EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-44176 Kirby: `pages.access` permission is not checked during rendering of page drafts

Kirby is an open-source content management system. Versions prior to 4.9.1 and 5.4.1 do not check the pages.access permission during page draft rendering. Permissions are defined for each user role in the user blueprint site/blueprints/users/.... It is also possible to customize the permissions f...

6CVSS5.4AI score0.00215EPSS
Exploits0References4
NVD
NVD
added 3 days ago11 views

CVE-2026-53409

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 3 days ago43 views

CVE-2026-53410

CVE-2026-53410 describes a TOCTOU race condition in the installation and uninstallation flow of certain Zoom Clients for Windows that could allow an authenticated local user to escalate privileges. Affected components include Zoom Workplace for Windows, Zoom Workplace VDI Client, Zoom Workplace V...

7CVSS6.2AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 3 days ago15 views

CVE-2026-53409

CVE-2026-53409 affects Zoom Rooms for Windows prior to 7.1.0. Root cause: improper privilege management that may allow an authenticated user to escalate privileges via local access. CVSS v3.1 base score 7.8 (HIGH) with LOCAL attack vector, low attack complexity, requiring LOW privileges and no us...

7.8CVSS6.2AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder