Lucene search
K

20989 matches found

CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-39178

The CVE-2026-39178 issue affects SOGo up to version 5.12.6, where the contact search component exposes a SQL injection via the allContactSearch endpoint’s search parameter. The root cause is insufficient protection of the SQL query structure, enabling authenticated users to execute arbitrary SQL ...

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-35552

The CVE covers CAXperts UPVWebServices (versions 2.4.2212.603–2.7.6) and UDiTH Portal (2026.0.0–2026.2.0). An authenticated remote user can call an administrative API endpoint intended for privileged users because authorization checks are missing, enabling the attacker to deactivate the applicati...

8.1CVSS6AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 12:0 a.m.6 views

CVE-2026-39179

SOGo

6.3CVSS7.5AI score0.00157EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56588

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.10 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description Improper authorization controls could allow an authenticated user to modify group-level settings beyond their...

4.3CVSS6.1AI score0.00161EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56589

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.7 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user to...

7.3CVSS6.3AI score0.00243EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56585

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.5 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where an authenticated user can create a repository where the content displayed in the w...

4.3CVSS6.1AI score0.00187EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 12:0 a.m.3 views

CVE-2026-39178

A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...

6.3CVSS7.2AI score0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 8:35 p.m.33 views

CVE-2026-55635 DataEase: Authenticated SQL Injection in Chart Quota Filters

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS0.00266EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:35 p.m.6 views

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres without applying the SQL literal validation and escaping used by other filter paths,...

8.7CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/07 8:35 p.m.12 views

CVE-2026-55635

DataEase contains an authenticated SQL injection in chart quota filters prior to version 2.10.24. The vulnerability arises when quota and Y-axis filters embed attacker-controlled values directly into generated SQL within Quota2SQLObj.getYWheres(), without applying the SQL literal validation and e...

8.7CVSS6AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 4:37 p.m.52 views

CVE-2026-14904 RES Auth.GetUserPrivateKey Arbitrary File Read

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1526 Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

8.8CVSS6.4AI score0.00433EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/07 1:6 p.m.7 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1142 Airflow Sqoop Provider RCE Vulnerability

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

8.8CVSS7.1AI score0.01206EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 11:45 a.m.6 views

PYSEC-2026-1465 Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

5.5CVSS7.2AI score0.00152EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 9:17 a.m.15 views

CVE-2026-48891

A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...

4.3CVSS6AI score0.00636EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/07 4:17 a.m.13 views

CVE-2026-42200

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script generateinitscripts method in app/Actions/Database/StartPostgresql.php filename handling did not sufficiently restrict paths, allowing an...

8.8CVSS0.00542EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.11 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.13 views

CVE-2026-34168

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a...

8.8CVSS0.00403EPSS
Exploits0References3
Rows per page
Query Builder