Lucene search
+L

8 matches found

NVD
NVD
added yesterday9 views

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/27 12:28 p.m.19 views

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0
Snyk
Snyk
added 2026/05/21 5:56 p.m.9 views

Improper Validation of Integrity Check Value

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in the Triton inference handler. An attacker can execute arbitrary code with the SageMaker execution...

9.1CVSS6.3AI score0.0039EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 7:48 p.m.4 views

CVE-2026-34748 @payloadcms/next has Stored XSS in Admin Panel

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting XSS vulnerability existed in the admin panel. An authenticated user with write access to a collection could save content that, when viewed by another...

8.7CVSS5.9AI score0.00286EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 7:50 p.m.32 views

CVE-2026-25497 Craft has a GraphQL Asset Mutation Privilege Escalation

Craft is a platform for creating digital experiences. In Craft versions from 4.0.0-RC1 to before 4.17.0-beta.1 and 5.9.0-beta.1, there is a Privilege Escalation vulnerability in Craft CMS’s GraphQL API that allows an authenticated user with write access to one asset volume to escalate their...

8.6CVSS0.00426EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/06 5:47 p.m.34 views

CVE-2026-24135 Gogs vulnerable to arbitrary file deletion via path traversal in wiki page update

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...

7.2CVSS0.00654EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/06 5:47 p.m.8 views

EUVD-2026-5642

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulatin...

7.2CVSS5.5AI score0.00654EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2018/08/02 7:0 a.m.14 views

CVE-2018-14847

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...

9.1AI score0.96087EPSS
Exploits23References8
Rows per page
Query Builder