Lucene search
+L

159 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-48808

A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...

7.5CVSS6AI score0.0026EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.9 views

Malicious code in @contentprod-authoring/block-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa028931eef026447363bc2ef44ace207f4f3226de4289e354d26d730fa28186 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-289 Azure AI Language Authoring Elevation of Privilege Vulnerability can Lead to RCE

Deserialization of untrusted data in the Azure AI Language Conversations Authoring client library for Python allows an unauthorized attacker to execute code over a network...

9.8CVSS5.9AI score0.02344EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/13 8:33 a.m.13 views

CVE-2026-42535

A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...

9.1CVSS5.2AI score0.00538EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.24 views

PT-2026-47319

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.4.68 Description A path handling issue in the mod dav fs module allows a WebDAV content author to directly manipulate trusted DAV property databases, which can potentially lead to child process crashes. Recommendatio...

9.8CVSS5.4AI score0.8377EPSS
Exploits6References134
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.12 views

Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path

Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/02 9:52 p.m.12 views

CVE-2026-45283

A flaw was found in Nextcloud Server. An authenticated user could exploit this vulnerability to lock or unlock files belonging to other users by manipulating WebDAV Web Distributed Authoring and Versioning paths. This issue also led to the disclosure of lock tokens in error responses, potentially...

6.3CVSS5.6AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 5:17 p.m.7 views

Missing Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Missing Authorization via the Tree::move process. An attacker can delete or overwrite assets without proper authorization by sending a crafted WebDAV MOVE...

8.1CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 12:36 p.m.9 views

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/25 11:34 p.m.6 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the WebDAV backend process. An attacker can access and modify files outside the intended directory by exploiting symbolic links that point outside the designated root. This is only exploitable if...

9.1CVSS5.8AI score0.0033EPSS
Exploits0References3
CVE
CVE
added 2026/04/17 10:45 a.m.9 views

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

6.9CVSS5.7AI score0.00426EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 9:45 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)

Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 10:6 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.5CVSS5.7AI score0.00472EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.8 views

CVE-2026-5311

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function...

6.9CVSS5.8AI score0.00991EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/02 10:53 a.m.7 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

7.3CVSS6AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:3 a.m.2 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 10:3 a.m.4 views

CVE-2026-0932

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29509

Blind server-side request forgery SSRF vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs...

6.9CVSS6AI score0.00195EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 3:5 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

10CVSS6.7AI score0.00765EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 4:9 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...

8.1CVSS7.6AI score0.03009EPSS
Exploits0Affected Software1
Rows per page
Query Builder