
71103 matches found

Positive Technologies
added 2026/06/15 12:0 a.m., 12 views

PT-2026-49234

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

CVSS 7.1, AI score 5.2, EPSS 0.00174
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:0 a.m., 13 views

PT-2026-49226

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

CVSS 6.5, AI score 5.2, EPSS 0.00196
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:0 a.m., 11 views

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

CVSS 7.6, AI score 5.3, EPSS 0.00273
Exploits: 0, References: 7
Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49150

A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be...

CVSS 7.5, AI score 6, EPSS 0.00324
Exploits: 0, References: 6
Positive Technologies
added 2026/06/15 12:0 a.m., 9 views

PT-2026-49165

Name of the Vulnerable Software and Affected Versions ShopXO versions prior to 6.7.2 Description An authorization bypass exists in the Scheduled Task Endpoint within the app/api/controller/Crontab.php file. This issue allows a remote attacker to bypass authorization by manipulating the OrderClose...

CVSS 7.5, AI score 7.3, EPSS 0.00292
Exploits: 0, References: 9
CVE
added 2026/06/15 12:0 a.m., 13 views

CVE-2026-36537

ThingsBoard 4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The vulnerability arises because the application trusts user-supplied identity data in the user parameter of the /login/oauth2/code/ endpoint; by manipulating the email field in that JSON, ...

CVSS 9.8, AI score 5.5, EPSS 0.00511
Exploits: 0, References: 1
CVE
added 2026/06/15 12:0 a.m., 19 views

CVE-2026-38329

Bludit CMS is affected pre-3.18.4. The API Plugin's POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails authorization checks and lacks file extension validation, enabling an attacker with a valid API token to upload a PHP script and execute arbitrary code on the server (Remote Code ...

CVSS 9.8, AI score 6.3, EPSS 0.00627
Exploits: 0, References: 1
Cvelist
added 2026/06/15 12:0 a.m., 54 views

CVE-2026-38329

Bludit CMS before version 3.18.4 allows Remote Code Execution RCE via the API Plugin. The POST /api/files/key endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and...

EPSS 0.00627
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 12 views

PT-2026-49526

Name of the Vulnerable Software and Affected Versions Dancer2::Plugin::Auth::OAuth versions prior to 0.22 Description The software defaults to a predictable nonce. This occurs because the default nonce is generated using an MD5 hash of the epoch time, which is a value representing the total numbe...

CVSS 9.1, AI score 5.9, EPSS 0.00327
Exploits: 0, References: 7
Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49553

Name of the Vulnerable Software and Affected Versions Starlette versions 1.0.1 and earlier Description In the HTTPEndpoint component, the handler is selected by lowercasing the HTTP method and looking it up as an attribute using getattr without restricting the lookup to a known set of HTTP verbs...

CVSS 5.3, AI score 5.2, EPSS 0.00213
Exploits: 0, References: 21
Positive Technologies
added 2026/06/15 12:0 a.m., 16 views

PT-2026-49580

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description An information disclosure issue exists in the @angular/service-worker package. When the Service Worker fetches assets, it preserve...

CVSS 8.3, AI score 5.9, EPSS 0.00226
Exploits: 0, References: 6
NVD
added 2026/06/14 11:16 p.m., 9 views

CVE-2026-12190

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

CVSS 5.3, EPSS 0.00105
Exploits: 0, References: 5
NVD
added 2026/06/14 11:16 p.m., 7 views

CVE-2026-12189

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

CVSS 5.3, EPSS 0.00105
Exploits: 0, References: 6
Cvelist
added 2026/06/14 10:45 p.m., 28 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

CVSS 5.3, EPSS 0.00105
Exploits: 0, References: 5
CVE
added 2026/06/14 10:45 p.m., 22 views

CVE-2026-12190

The CVE-2026-12190 entry concerns Genspark AI Workspace App version 2.8.4 on Android, affecting the ai.mainfunc.genspark component. The issue is described as improper authorization in the handler for a custom URL scheme, with exploitation limited to a local environment. The provided documents do ...

CVSS 5.3, AI score 5.5, EPSS 0.00105
Exploits: 0, References: 5
Vulnrichment
added 2026/06/14 10:45 p.m., 7 views

CVE-2026-12190 Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the component ai.mainfunc.genspark. The manipulation leads to improper authorization in handler for custom url scheme. The attack can only be performed from a local environment...

CVSS 5.3, AI score 5.3, EPSS 0.00105
Exploits: 0, References: 5
Cvelist
added 2026/06/14 10:30 p.m., 22 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

CVSS 5.3, EPSS 0.00105
Exploits: 0, References: 6
Vulnrichment
added 2026/06/14 10:30 p.m., 7 views

CVE-2026-12189 Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzmate. Executing a manipulation can lead to improper authorization in handler for custom url scheme. The attack can only be executed locally. The exploit has been...

CVSS 5.3, AI score 5.3, EPSS 0.00105
Exploits: 0, References: 6
CVE
added 2026/06/14 10:30 p.m., 22 views

CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

CVSS 5.3, AI score 5.4, EPSS 0.00105
Exploits: 0, References: 6
Positive Technologies
added 2026/06/14 12:0 a.m., 11 views

PT-2026-49147

Name of the Vulnerable Software and Affected Versions Genspark AI Workspace App version 2.8.4 Description An issue exists in the ai.mainfunc.genspark component of the Android application. Improper authorization occurs within the handler for custom URL schemes, which can be exploited by an attacke...

CVSS 5.3, AI score 5.6, EPSS 0.00105
Exploits: 0, References: 7