3179 matches found

Positive Technologies
added 5 days ago, 10 views

PT-2026-53164

Name of the Vulnerable Software and Affected Versions: khoj-ai khoj versions prior to 2.0.0-beta.29. Description: A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api_chat.py allows for incorrect authorization. This occurs through the manipulation of the...

CVSS 6.5, AI score 6, EPSS 0.00165
Exploits: 0, References: 11
NVD
added last week, 8 views

CVE-2026-55189

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

CVSS 7.7, EPSS 0.00201
Exploits: 0, References: 1
NVD
added last week, 7 views

CVE-2026-55188

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...

CVSS 8.2, EPSS 0.00181
Exploits: 0, References: 1
Cvelist
added last week, 24 views

CVE-2026-55188 RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...

CVSS 8.2, EPSS 0.00181
Exploits: 0, References: 1
ATTACKERKB
added last week, 7 views

CVE-2026-55189

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

CVSS 7.7, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 2, Affected Software: 1
EUVD
added last week, 7 views

EUVD-2026-39831

Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: on every response, letting any website a developer visited read the server's responses cross-origin — including...

CVSS 5.9, AI score 5.9, EPSS 0.00812
Exploits: 0, References: 2
Positive Technologies
added 2026/06/26 12:00 a.m., 9 views

PT-2026-52964

Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.1 through 1.0.0-beta.8. Description: An authorization bypass exists in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets verifies the existence of request...

CVSS 8.2, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 4
Positive Technologies
added 2026/06/26 12:00 a.m., 11 views

PT-2026-52965

Name of the Vulnerable Software and Affected Versions: RustFS versions 1.0.0-alpha.1 through 1.0.0-beta.8. Description: When the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without calling the IAM authorization function used by the FTP write/list...

CVSS 7.7, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 4
AstraLinux
added 2026/06/19 11:10 a.m., 12 views

Astra Linux – Vulnerability in openexr

There is a flaw in OpenEXR’s scanline input file functionality in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could consume excessive system memory. The most significant impact of this flaw is on system availability...

CVSS 5.5, AI score 6.8, EPSS 0.0096
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in openexr

A flaw was discovered in OpenEXR’s B44 uncompression functionality in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting the availability of the application...

CVSS 5.3, AI score 6.8, EPSS 0.01848
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service (DoS) vulnerability, for example, an abort due to WINPR_ASSERT with default compilation flags. When an...

CVSS 7.5, AI score 6.8, EPSS 0.01385
Exploits: 1, References: 2
Cvelist
added 2026/06/16 6:40 p.m., 33 views

CVE-2026-48777 FileBrowser Quantum: Path Traversal in public share PATCH allows file ops outside shared directory

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go, which joins user-controlled fromPath and toPath body fields with the trusted...

CVSS 9.3, EPSS 0.00446
Exploits: 0, References: 3
Nuclei
added 2026/06/16 7:13 a.m., 165 views

strapi CMS <3.0.0-beta.17.5 - Admin Password Reset

strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. id: CVE-2019-18818 info: name: strapi CMS 3.0.0-beta.17.5 - Admin Password Reset...

CVSS 9.8, AI score 8.2, EPSS 0.97639
Exploits: 13, References: 5
NVD
added 2026/06/15 6:16 p.m., 12 views

CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS 7.5, EPSS 0.00167
Exploits: 0, References: 2
EUVD
added 2026/06/15 4:54 p.m., 7 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS 7.5, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 2
Vulnrichment
added 2026/06/15 4:54 p.m., 12 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

CVSS 7.5, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:00 a.m., 11 views

PT-2026-49260

Name of the Vulnerable Software and Affected Versions: Mastodon versions prior to 4.6.0. Description: A missing condition in the verification process for remote accounts consenting to be featured in a remote Collection allows attackers to bypass checks and fake consent. An attacker can forge the...

CVSS 7.5, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 4
Snyk
added 2026/06/12 11:06 p.m., 4 views

User Impersonation

Overview: @openclaw/qqbot is an OpenClaw QQ Bot channel plugin for group and direct-message workflows. Affected versions of this package are vulnerable to User Impersonation in the QQBot streaming command. An attacker can alter configuration settings by accessing the command without meeting explic...

CVSS 7.7, AI score 5.9, EPSS 0.00172
Exploits: 0, References: 2
Cvelist
added 2026/06/12 8:36 p.m., 28 views

CVE-2026-54395 MISP UiBeta event index reflected XSS in advanced filter popup

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

CVSS 5.3, EPSS 0.00256
Exploits: 0, References: 1
CVE
added 2026/06/12 8:36 p.m., 18 views

CVE-2026-54395

CVE-2026-54395 affects MISP (UiBeta event index view) with a reflected XSS in the advanced filter popup. The urlparams value is inserted into an inline JavaScript handler inside a single-quoted string; browsers HTML-decode attribute values before JS parsing, enabling an attacker to craft a URL th...

CVSS 5.3, AI score 5.2, EPSS 0.00256
Exploits: 0, References: 1