Lucene search
K

730 matches found

NVD
NVD
added 2026/06/12 5:16 p.m.10 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 3:42 p.m.10 views

CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 3:42 p.m.10 views

EUVD-2026-36496

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 3:42 p.m.19 views

CVE-2026-53981

Cap-go prior to 12.128.2 contains an account-takeover vulnerability in its email-change mechanism. An attacker with a temporary authenticated session can change the registered email address without re-authentication (no password or MFA verification), redirect verification to an attacker-controlle...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 3:42 p.m.31 views

CVE-2026-53981 Cap-go < v12.128.2 Account Takeover via Unauthenticated Email Change Mechanism

Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect...

7.6CVSS0.00267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.27 views

PT-2026-48934

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description An account takeover issue exists in the email change mechanism. An attacker with temporary authenticated session access can change the registered email address without requiring re-authentication,...

7.6CVSS5.3AI score0.00267EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-46748

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The affected system includes a binary that is configured with the capdacoverride capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access...

8.8CVSS5.5AI score0.00206EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

EulerOS 2.0 SP13 : libcap (EulerOS-SA-2026-2295)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : libcap (EulerOS-SA-2026-2211)

According to the versions of the libcap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/08 2:9 a.m.17 views

Important: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7CVSS5.5AI score0.00188EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.13 views

AlmaLinux 10 : kernel (ALSA-2026:18134)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:18134 advisory. kernel: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg CVE-2024-56633 kernel: KVM: x86: Load DR6 with guest value only before entering .vcpurun lo...

7.8CVSS8.1AI score0.00344EPSS
Exploits8References27
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

RHEL 8 : libcap (RHSA-2026:24346)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24346 advisory. Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation vi...

7CVSS5.6AI score0.00188EPSS
Exploits1References4
OSV
OSV
added 2026/06/05 9:45 p.m.8 views

GHSA-5X67-J5XG-C5GJ Bugsink: DOS using large numbers of event tags

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 9:45 p.m.14 views

Bugsink: DOS using large numbers of event tags

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

5.5AI score0.00056EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

6.5CVSS5.5AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.9 views

PT-2026-49061

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score0.00056EPSS
Exploits0References4
OSV
OSV
added 2026/06/04 7:37 p.m.10 views

GHSA-JPVJ-WPMJ-H7RV Supply chain compromise via malicious @cap-js/openapi

Impact On May 19, 2026, a compromised version of @cap-js/[email protected] was published. The malicious packages harvested credentials and attempted self-propagation. If a compromised version was installed, all credentials accessible on that machine npm tokens, cloud provider credentials, SSH keys,...

9.6CVSS5.8AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/03 8:24 p.m.14 views

Important: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

7CVSS5.8AI score0.00188EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/02 2:15 p.m.39 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS0.00384EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 2:15 p.m.11 views

CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS5.8AI score0.00384EPSS
Exploits0References4
Rows per page
Query Builder