Lucene search
K

52 matches found

CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of role and group checks in the installation process for Blueprint endpoints. Any...

9.9CVSS5.3AI score0.00267EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.5AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.10 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/08 1:26 p.m.9 views

CVE-2026-44335 SSRF bypass in PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

8.7CVSS5.7AI score0.00378EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/06 9:59 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the permission checking logic when changing the parent project ID, which was inconsistent with the recursive...

8.3CVSS5.8AI score0.0029EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

Rack 信息泄露漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained an information leakage vulnerability. This vulnerability stemmed from Rack::Static’s use of simple string prefix checks to determine whether a request should be...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 9:17 p.m.2 views

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper...

9.2CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

FreeRDP 安全漏洞

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.23.0 contained a security vulnerability, which was caused by the lack of boundary checks in smartcardunpackreadsizealign, potentially leading to client crashes...

6.5CVSS6.6AI score0.00256EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.15 views

CVE-2025-14067

The Easy Form Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve...

5.3CVSS5.5AI score0.00231EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680608)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680608 advisory. It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A...

7.8CVSS6.5AI score0.00481EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.3 views

CVE-2015-7229

The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the 1 "post to twitter" permission or change the options...

3.5CVSS6.8AI score0.00981EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/19 6:29 p.m.5 views

webkitgtk: A malicious website may exfiltrate data cross-origin

A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information...

6.5CVSS5.7AI score0.00383EPSS
Exploits0References5
OSV
OSV
added 2025/02/19 4:15 p.m.3 views

CVE-2024-45081

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.3 views

PT-2024-6711

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Microsoft Edge affected versions not specified Description: The issue is related to incorrect security checks for standard elements in the V8 JavaScript engine handler. This could allow a remote...

9.6CVSS9AI score0.00592EPSS
Exploits1References54
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.7 views

The vulnerability of the WorkBench64 module in the GENESIS64 SCADA system allows a intruder to disclose protected information.

The vulnerability of the WorkBench64 module in the GENESIS64 SCADA system is related to improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...

5.3CVSS5.5AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.4 views

Palo Alto Networks Cortex XDR Security Vulnerability

Palo Alto Networks Cortex XDR is an extended detection and response platform that natively integrates network, endpoint, cloud, and third-party data from U.S.-based Palo Alto Networks. A security vulnerability exists in Palo Alto Networks Cortex XDR that stems from improper file signature checkin...

6.8CVSS6.8AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.3 views

PT-2024-2446 · Microsoft +1 · Azure-C-Shared-Utility +1

Name of the Vulnerable Software and Affected Versions: azure-c-shared-utility affected versions not specified Description: The azure-c-shared-utility library has a vulnerability related to the parameter checking mechanism, which can cause an integer wraparound, under-allocation, or heap buffer...

6.4CVSS7.8AI score0.04967EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.6 views

PT-2024-1557 · Lenovo · Lenovo Vantage

Name of the Vulnerable Software and Affected Versions: Lenovo Vantage affected versions not specified Description: The issue is related to errors in the certificate authentication procedure of the Lenovo Vantage Service utility for optimizing BIOS driver automatic update procedures. It allows a...

7.8CVSS7.8AI score0.00171EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.5 views

UNISOC Chipsets Buffer Error Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets due to a lack of boundary checking in the camera driver, which may result in out-of-bounds reads...

4.4CVSS6.8AI score0.00088EPSS
Exploits0References2
Rows per page
Query Builder